The product team worked hard to make this breakthrough functionality happen in Windows Server 2008 R2. Now is the time to evaluate cross-forest certificate enrollment in your test environment. If you have specific feedback on the whitepaper, feel free to add your comments to this blog entry.
From the abstract: Windows Server 2008 R2 allows enterprises to issue digital certificates from an enterprise Certification Authority (CA) to clients that are members of a different Active Directory (AD) forest. This process is called cross-forest certificate enrollment. This white paper will explain how cross-forest certificate enrollment works. It will also provide deployment guidance for new and existing Active Directory Certificate Services (ADCS) deployments. The paper will cover strategies for consolidating existing certificate templates that may already be in use in the enterprise. It will present choices for ongoing management of the cross-forest certificate deployment. A PowerShell script is also provided to facilitate management tasks related to setting up and maintaining a cross-forest certificate enrollment environment.