Oct 30 202105:29 PM
Yes, you can build two (or more) certificate authorities within a domain. It's not commonly done and it's not something I'd advise under normal circ*mstances, but you can do it.
The certificate templates are stored in the Active Directory CN=Configuration partition, meaning that single location is used by all authorities (and their subordinates). This means that any changes to these Active Directory-stored templates is visible to all authorities.
Installing a second (or more) certificate authority will not affect the templates. The templates are only installed by default when using the "Enterprise CA" option (as distinct from the "Standalone" option) and if they already exist, are left alone.
Cheers,
Lain