How to autoenroll certificates from a Certification Authority in a trusted domain?

view story

http://serverfault.com – I have two Active Directory domains in two separate forests, all at Windows Server 2008 R2 functional levels. There is a two-way forest trust between the domains. Domain A contains a Windows Server 2008 R2 Enterprise Root Certification Authority; its root certificate is trusted by all computers in the domain; there are autoenrollment policies to automatically issue a computer certificate to each computer in the domain (more than one to DCs, as usual). Domain B contains no Certification Authority, but the root certificate of Domain A's CA is assigned as a trusted root certificate to all compu (HowTos)