How could we migrate Root CA

We use Win2003R2 Root CA.

1

How could we migrate win2003 Root CA to win2008 Root CA ?

2

CA need to be Domain Controller ?

September 1st, 2013 12:17pm

To migrate a CA, refer to that: http://technet.microsoft.com/en-us/library/ee126170(v=ws.10).aspx

It is highly not recommended to have a CA running on a DC. This is for security reasons and because it makes AD related operations more difficult (Example: If you would like to demote a DC, you need first to migrate or remove the CA).

For more details about the CA and related questions, please consider asking them here: http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserversecurity&filter=alltypes&sort=lastpostdesc

Free Windows Admin Tool Kit Click here and download it now
September 1st, 2013 12:24pm

We use Win2003R2 Root CA.

1

How could we migrate win2003 Root CA to win2008 Root CA ?

2

CA need to be Domain Controller ?

Yes, you can migrate CA from 2003 to 2008. CA is not supposed to be run on domain controller, instead a member server to be used to run CA. Secondly, a domain  controller should be only used for running AD,DNS, GC.

http://awinish.wordpress.com/2011/02/05/migrateupgrade-ca-from-one-2003-to-2008r2/

September 1st, 2013 9:22pm

Thank you.

Currently win2003DC have Root CA.

It is not recommeded and should be member server which have CA role ?

Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2013 12:00am

Thank you.

Currently win2003DC have Root CA.

It is not recommeded and should be member server which have CA role ?


Yes, for hosting CA or other apps, a member server to be used not DC.
September 2nd, 2013 12:04am

Thank you.

Currently win2003DC have Root CA.

It is not recommeded and should be member server which have CA role ?

Yes, I would not recommend installing more than DNS and DHCP roles on a DC. Other roles, applications and features should go to a member server.
Free Windows Admin Tool Kit Click here and download it now
September 2nd, 2013 4:52am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics