Moving My CA: My Head is Spinning
Hello, all.
To accommodate certificate duplication for DirectAccess, I need to move my enterprise CA from its current home, a Windows 2008 Standard Server, to a new server with Windows Server 2008 Standard R2. I've poured through a number of white papers and forum posts
and my head it spinning.
1. Does an enterprise CA have to live on a domain controller? Or is it best to place it on a member server?
2. I need to keep the DC where my enterprise CA currently lives so I will not be decommissioning this server. I get the impression that moving my CA to another server with a different name may cause issues. Is that the case?
3. Would it be easier to upgrade my existing CA to either Server R2 or Server Enterprise instead of moving my CA to another server.
Any additional guidance, tips, comments would be greatly appreciated.
Thank you.
May 10th, 2011 9:26am
Hello,
the best place for CA questions is the scurity forum:
http://social.technet.microsoft.com/Forums/en/winserversecurity/threadsBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
May 10th, 2011 9:37am
HJustin,
Here's a good discussion on it (ignore the parts of the thread where the poster changed topic to DR unless you find that part helpful, too):
Moving Certificate Services
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/227591ef-ae8b-4eb3-8450-d626b59eb8ac
So to move it from one to another and keep the same name, is quite a task, and would require you to rename your current machine (DC or non-DC) to something else. Yes, you can run it on a DC - no problem there. I personally would run it on a non-DC, just
to reduce complexit, but that is a budget and scenario based question.
However, as Meinolf suggested, however, this question is better suited in the Security forum.
AceAce Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
May 10th, 2011 10:30am
Thank you for responding. I have posted my question in the Security forum.
Free Windows Admin Tool Kit Click here and download it now
May 10th, 2011 10:33am