DSConfigDN and DSDomainDN are two objects that should be taken care while designing PKI implementation (specially in case  of using a Stand Alone Root CA and a Enterprise Sub CA).

The following output provides you instructions how to obtain the required values from your Certificate Authority:

C:\Users\administrator>certutil -getreg  ca\DSConfigDN

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\lyncd
omain-SRV5-CA\DSConfigDN:

  DSConfigDN REG_SZ = CN=Configuration,DC=lyncdomain,DC=local

CertUtil: -getreg command completed successfully.

C:\Users\administrator>certutil -getreg  ca\DSDomainDN
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\lyncd
omain-SRV5-CA\DSDomainDN:

  DSDomainDN REG_SZ = DC=lyncdomain,DC=local
CertUtil: -getreg command completed successfully.

Note: A Stand Alone Root CA / Stand Alone Sub CA details (e.g. Certificate, CRL, AIA etc.) could be published into the Active Directory by using the following commands:

“CertUtil -dsPublish -f RootCACertificate.cer RootCA “

“CertUtil -dsPublish -f SubCACertificate.cer SubCA “

To publish CRL into the Active Directory you should use the following command:

“certutil -dspublish-f  MyCRLFile.Crl “

Reference:

Configure an offline root certification authority to support certificate revocation with Active Directory

How to import third-party certification authority (CA) certificates into the Enterprise NTAuth store