Hello, all. To accommodate certificate duplication for DirectAccess, I need to move my enterprise CA from its current home, a Windows 2008 Standard Server, to a new server with Windows Server 2008 Standard R2. I've poured through a number of white papers and forum posts and my head it spinning. 1. Does an enterprise CA have to live on a domain controller? Or is it best to place it on a member server? 2. I need to keep the DC where my enterprise CA currently lives so I will not be decommissioning this server. I get the impression that moving my CA to another server with a different name may cause issues. Is that the case? 3. Would it be easier to upgrade my existing CA to either Server R2 or Server Enterprise instead of moving my CA to another server. Any additional guidance, tips, comments would be greatly appreciated. Thank you.

Hello, the best place for CA questions is the scurity forum: http://social.technet.microsoft.com/Forums/en/winserversecurity/threadsBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

HJustin, Here's a good discussion on it (ignore the parts of the thread where the poster changed topic to DR unless you find that part helpful, too): Moving Certificate Services http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/227591ef-ae8b-4eb3-8450-d626b59eb8ac So to move it from one to another and keep the same name, is quite a task, and would require you to rename your current machine (DC or non-DC) to something else. Yes, you can run it on a DC - no problem there. I personally would run it on a non-DC, just to reduce complexit, but that is a budget and scenario based question. However, as Meinolf suggested, however, this question is better suited in the Security forum. AceAce Fekay MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Thank you for responding. I have posted my question in the Security forum.