Implementing Network Device Enrollment Service in a User Forest / Resource Forest environment


  • Hello,

    We have a Windows 2008 R2 User Forest / Resource Forest configuration, where users authenticate to Domain Controllers in the User Forest, but access resources such as Lync and Exchange in the Resource Forest.

    We would like to install the Network Device Enrollment Service role in order to make Simple Certificate Enrollment Protocol (SCEP) available to our Blackberry Device Service 10 server.  BDS10 supports SCEP to be used for authentication to ActiveSync, WiFi and VPN profiles.

    My question is really just a confirmation.  Where should we install NDES?  In the User Forest, or the Resource Forest? 

    From what I have researched and what I think, NDES should be installed in the User Forest because that is where the user is authenticating.

    Thanks in advance for your answer(s)

    ~~~ Mark Orser Pernod Ricard Americas

    Monday, July 08, 2013 2:47 PM


All replies