CA and Primary Domain Controller on the same server

windows-server-2008 active-directory certificate-authority ad-certificate-services

Solution 1:

You need to be joined to a domain to be an Enterprise CA, but you do not need to be domain joined in order to be a standalone CA. An Enterprise CA adds features that come along with being integrated with Active Directory, but the downside is that you cannot take it offline as you would do with a high-security root CA.

Yes it is possible to install AD CS on the same server as a domain controller. But it is not really recommended. It's best practice to have a domain controller just being a domain controller. The more services you install on one system, the more services you will lose when that one system goes down.

Edit: You can also explore more robust designs, such as having an offline root CA, and an Enterprise issuing CA.

Related

Chef cookbook dependencies of dependencies
Tridion 2011 SP1 HR1 - sending content to SmartTarget/Fredhopper
Is it safe to remove power from a linux computer in run level 0? [closed]
Is there a reason why DKIM signs every mail twice [closed]
Will an MX record "follow" a CNAME record?
NGINX default error page
What is the difference between SSH and SSH Tunneling
how to recognize places and people's names easily during conversation
A possibly modern derogatory term for housewife
What is the polite term for native islanders of the Caribbean?
Can "brain" be used as a verb [closed]
at/in city [when country follows city ]