Disclaimer: All postings are provided "AS IS" with no warranties, and confer no rights. This weblog does not represent the thoughts, intentions, plans or strategies of Microsoft. Because a weblog is intended to provide a semi-permanent point-in-time snapshot, you should not consider out of date posts to reflect current thoughts and opinions.
One of the largely unheralded big new features of Active Directory Certificate Services is that it can now be configured to be site-aware!
This is accomplished by following the detailed steps that are described on the ADCS Wiki link below.
The short version is however as follows:
...then add some suger and bake for 30 minutes in the oven, that's it! :)
AD DS Site Awareness for AD CS and PKI Clientshttp://social.technet.microsoft.com/wiki/contents/articles/14106.ad-ds-site-awareness-for-ad-cs-and-pki-clients.aspx
What's New in AD CS [in Windows Server 2012]?http://technet.microsoft.com/en-us/library/hh831373.aspx
FYI the registry change is *not* required on Windows 8 as the functionality is included by default. The wiki entry here: social.technet.microsoft.com/.../14106.ad-ds-site-awareness-for-ad-cs-and-pki-clients.aspx has recently been updated to reflect this.