SCCM 2007 R3 change to native mode
I have a new setup, but it was installed in mixed mode. How do I change to a PKI infrastructure? I already have a Windows 2008 domain controller running a certificate server. What do I need to do to change and enable all the functions of client-based internet user management?
November 28th, 2010 9:19pm
The guides on TechNet are very good (http://technet.microsoft.com/en-us/library/bb680658.aspx, http://support.microsoft.com/kb/2252943), but they assume a few things; the biggest assumption they make is that you have planned and implemented your PKI in a solid and reliable manner. Also note that you must make your key site roles available to Internet clients. There are various ways of doing this, as documented in scenario case studies on TechNet: http://technet.microsoft.com/en-us/library/bb693824.aspx.
Installing a CA on a DC is something I strongly recommend against. It tightly couples the two, leaving you no wiggle room when upgrading your AD infrastructure: upgrading or migrating a DC is easy; migrating a CA is not necessarily difficult but is not straightforward at all and has bigger ramifications. Having an Enterprise CA does not mean that it has to be on a DC. Also note that the only documented way to produce the required certificates for Native Mode is to use an Enterprise CA installed on Windows Enterprise edition -- there are two different meanings for "Enterprise" as far as CAs go. An Enterprise CA is for integration with AD and all the goodness that brings, while a CA installed on Windows Enterprise edition brings the use of customizable templates.
Lastly, there is no user-centric management in IBCM, only system-centric management. Not sure if that was the connotation from your statement above, but just wanted to explicitly state that.
The bottom line is that you need to do a lot of planning and learning to move a site to native mode and enable IBCM; although technically it is just a switch to flip, there are a lot of prerequisites that you must get right in order for it to work correctly.
Jason | http://myitforum.com/cs2/blogs/jsandys | http://blogs.catapultsystems.com/jsandys/default.aspx | Twitter @JasonSandys
November 28th, 2010 11:01pm