I have a driver I am going to implement for one of our departments that has
their own MAD forest. I won't be performing password sync, just setting the
initial password with a randomly generated value. The RL will be hosted on
a member server and not a DC, so I know you must have a CA in the domain in
order for password sync to work in this scenario. I would assume you would
still need the CA ragardless if you're doing password sync or just setting
the inital password, but can someone confirm that?? If that is the case,
can it be a stand alone CA or does it have to be an Enterprise CA??

Thanks in advance!!