Preparing a Windows Active Directory Environment

Several preparations should be undertaken before installing a Windows Server 2003 enterprise certification authority (CA) in a Windows 2000 Active Directory environment. These preparations include:

■ Determining whether Microsoft Exchange Server 2000 is deployed in the Windows 2000 forest. Exchange Server 2003 defines three non-RFC-compliant attributes for the inetOrgPerson object: houseIdentifier, Secretary, and labeledURI. To prevent mangling, the Lightweight Directory Access Protocol (LDAP) display names of these attributes must be modified before Windows Server 2003 schema modifications are performed. Mangling—the modification of a display name from the correct name to a name with an autogenerated prefix and suffix—occurs when an existing attribute and a new attribute are configured with the same LDAP display name.

■ Ensuring that all domain controllers are running Windows 2000 Service Pack 3 or later. Windows 2000 Service Pack 3 is the minimum required version when applying the Windows Server 2003 schema.

■ Ensuring that the schema naming context is replicated to all domain controllers in the forest. The schema must replicate successfully to allow Windows Server 2003 schema updates.
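
The display-name check in the first item can be run offline against an LDIF export of the schema naming context (for instance one produced with ldifde). The script below is an added example, not part of the original text; the sample export, its DNs and GUID are constructed, and the `DUP-<name>-<GUID>` form of a mangled name is an assumption of the example.

```python
import re

# Attribute names listed in the text above (compared case-insensitively).
CONFLICTING = {"houseidentifier", "secretary", "labeleduri"}
# Assumption: a mangled name has the form DUP-<original name>-<GUID>.
MANGLED = re.compile(r"^DUP-([A-Za-z]+)-[0-9A-Fa-f-]{36}$")

# Constructed sample export; the DNs and the GUID are made up.
SAMPLE = """\
dn: CN=Sample-Attr-A,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: labeledURI

dn: CN=Sample-Attr-B,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: DUP-secretary-11111111-2222-3333-4444-555555555555

dn: CN=Sample-Attr-C,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: mail
"""

def parse_ldif(text):
    """Return LDIF entries as dicts of lower-cased attribute -> values."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    entries = []
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments; base64 ("::") values are not decoded
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def classify(entries):
    """Sort display names into those at risk of mangling and those already mangled."""
    found = {"at_risk": [], "mangled": []}
    for entry in entries:
        dn = entry.get("dn", ["?"])[0]
        for name in entry.get("ldapdisplayname", []):
            m = MANGLED.match(name)
            if m and m.group(1).lower() in CONFLICTING:
                found["mangled"].append((dn, name))
            elif name.lower() in CONFLICTING:
                found["at_risk"].append((dn, name))
    return found
```

An `at_risk` entry is an existing attribute that still carries one of the three display names and should be renamed before the schema update; a `mangled` entry means the update has already run against the conflicting name.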

