Active Directory Certificate Services

Download the Active Directory Certificate Services Guide

About This Guide

The Infrastructure Planning and Design Guide for Active Directory Certificate Services outlines the critical infrastructure design elements that are key to a successful implementation of Active Directory Certificate Services. Using this guide will result in a certificate services design that is optimized to meet the needs of your organization at the lowest cost.


Figure1. Decision flow chart

In More Detail

The Infrastructure Planning and Design Guide for Active Directory Certificate Services includes the following four-step process:

Step 1: Identify the Certificate Requirements. In this step, the project scope will be identified by defining which parts of the organization will be included in the project.

Step 2: Design the Root CAs. In this step, the number of root certification authorities (CAs), reasons for the root CAs, location and type of root CAs will be determined. This information will be used in later steps to design the CA hierarchy.

Step 3: Design the CA Hierarchy. After the requirements for certificate enrollment, validation, and revocation were documented for each location, this step will apply those requirements to design the minimal hierarchy of CAs.

Step 4: Design the CA Server Infrastructures. In this step, the protocol that will be used to deliver certificate services will be selected for each CA. That will be used as input to design and place the CA servers within the CA hierarchy.

Related Resources


Please send questions or comments about this guide to

About Solution Accelerators

Solution Accelerators are authoritative resources that help IT pros plan, deliver, operate, and manage IT systems that address real-world scenarios. Solution Accelerators provide free, prescriptive guidance and automation to accelerate cross-product integration, core infrastructure development, and other enhancements.

Sign up to receive the Solution Accelerator Notifications newsletter so that you can stay informed about new Solution Accelerator releases and updates. The newsletter covers such areas of interest as:

  • Communication and collaboration

  • Security, data protection, and recovery

  • Deployment

  • Operations and management

See also