Hello Everyone, I need to move certificate services from one domain controller to another domain controller in a way where I should be able to take both DCs online after the movement i.e. servers would have different name. Generally, this process is not recommended, but my situation is such that I need to move the certificate services to the new DC as well as keep the old DC. Off course, I will uninstall the certificate authority from source domain controller, but it should still be able to service active directory, dns clients. Following are articles that I will be utilizing as my guideline. Kindly, suggest. http://support.microsoft.com/kb/298138 And this one specially since the name would be different http://smtpport25.wordpress.com/2010/01/16/migrating-windows-certificate-authority-server-from-windows-2003-standard-to-windows-2008-enterprise-server/ Kindly, suggest. THanks.

Hi you should really check out Active Directory Certificate Services Upgrade and Migration Guidance http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c70bd7cd-9f03-484b-8c4b-279bc29a3413 This is a much more comprehensive resource than those you've cited. Kind regards Martin Rublik

Thanks for the reply. The guide seems to be for windows server 2008. I am dealing with windows server 2003. So, I would appreciate if you can guide for server 2003. Thanks.

Hello all, FYI, I would like to point out this was discussed in the NIS forum and was suggested to post the question here. Here's a link to what's been discussed, if it helps with responses to Geek Seek's question: Moving Certificate Services http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/227591ef-ae8b-4eb3-8450-d626b59eb8ac/ AceAce Fekay MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services This posting is provided AS-IS with no warranties or guarantees and confers no rights.

here it come in a simpler way: http://technet.microsoft.com/en-us/library/cc742388(WS.10).aspx ondrej.

here it come in a simpler way: http://technet.microsoft.com/en-us/library/cc742388(WS.10).aspx ondrej. Hi, The steps may work, but it is not officially supported unless the target system is Windows Server 2008. Another option could be to create a new PKI hierarchy. We can create a new CA on the new server (different computer name), remove all certificate templates from the old CA for issuance and only maintain CRLs, and then retire the old PKI hierarchy when all the certificates issued from the old CA expire. Hope it helps.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

So, if I have understood is clearly. Microsoft does not support CA migration/movement to a different hostname machine when source and target are both windows server 2003. Correct me if I am wrong? Thanks Jason Zhou for the reply. This could also be a DR plan? correct me if I am wrong? But, I would love a step by step article here of above where such a goal is achieved by creating new heirarchy and redoing everything? The only negative of it that I can find is that there would be down time of the service. Correct me if I am wrong? Thanks in advance.

What about this article. I think it perfectly suites my scenario of replacing the CA wiht a new name? http://support.microsoft.com/kb/555012 Kindly, suggest.