Simple yet powerful Two-Tier PKI

I thought i start of the new year to learn how Git works and publish my first project on Github for easier version control and sharing capabilities.

This project is my take on Two-Tier PKI environment using Active Directory Certificate Services (ADCS).

The configuration is pretty simple. It consist of two servers, virtual or physical doesn’t matter. One is used for Root/Offline Certification Authority (CA) and the other one is for Enterprise/Subordinate CA.

The installation procedure and scripts is available on the Github repository.

This script is published on “As Is” basis. I will not take any responsibility for any damage this script might do to your production or test server environment. Please ensure that you test this properly in a non-production environment before running or scheduling the script in a production environment.

Help section for the installation scripts below:

Outlook prompts for credentials with Exchange 2010 and 2013/2016 coexistence

For some time ago I stumbled upon a strange credential prompt in Outlook for an entire organization after changing the Autodiscover namespace to point to the Exchange 2016 servers.
Outlook 2010 Credential Prompt

When you search for this issue with your favorite search engine you get several hits where other administrators and users got the same error.  The solutions posted in the forums, blogs and articles were all different but they were all touching the same subject, Autodiscover.
So I decided to try the top solutions i found to see if it resolves my issue.

Our servers:
1 Exchange 2010 CAS/HUB
1 Exchange 2010 Mailbox
2 Exchange 2016 Mailbox (Mailbox role in Exchange 2016 has all Exchange roles except Edge)
Namespace URLs for both Exchange 2010 and Exchange 2016:
Outlook Anywhere:
Autodiscover SCP:
We are using a SRV-record for autodiscover instead of a A-record for the external DNS Zone.