Post CA Migration Questions
Just a bit of grey area for me surrounding this process. I just wanted to get a few things cleared up.
I'm migrating our Online Enterprise Root CA to a Stand Alone Offline Root (Different server name) with Subordinate Enterprise CA.
- Post Migration I'm wondering if I need to publish AIA and CDP locations to the old locations? Or can I specify new locations and re-enroll all cert holders?
Thanks to Vadims for giving me a solution to one of the problems I was having here:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/6ef87add-fc60-488f-8d31-510b1b8b3cdb
- Are there any other registry changes I need to be making post migration? Aside from the ones listed in the migration guide? Here's what the guide states for registry entries that need to be migrated:
Registry location: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\certsvc\Configuration
Configuration parameters:
- LDAPFlags

Registry location: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\certsvc\Configuration\CAname
Configuration parameters:
- DSConfigDN
- ForceTeletex
- CRLEditFlags
- CRLFlags
- InterfaceFlags (required only if has been changed manually)
- EnforceX500NameLengths
- SubjectTemplate
- ValidityPeriod
- ValidityPeriodUnits
- KRACertHash
- KRACertCount
- KRAFlags
- CRLPublicationURLs
- CRLPeriod
- CRLPeriodUnits
- CRLOverlapPeriod
- CRLOverlapUnits
- CRLDeltaPeriod
- CRLDeltaPeriodUnits
- CRLDeltaOverlapPeriod
- CRLDeltaOverlapUnits
- CACertPublicationURLs (check for custom entries with hard-coded host names or other data specific to the source CA)
- CACertHash

Registry location: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\certsvc\Configuration\CAname\ExitModules\CertificateAuthority_MicrosoftDefault.Exit
Configuration parameters:
- PublishCertFlags

Registry location: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\certsvc\Configuration\CAname\PolicyModules\CertificateAuthority_MicrosoftDefault.Policy
Configuration parameters:
- EnableRequestExtensionList
- EnableEnrolleeRequestExtensionList
- DisableExtensionList
- SubjectAltName
- SubjectAltName2
- RequestDisposition
- EditFlags

I've completed a successful test migration, just want to make sure I cover all angles prior to deploying to production next week. Thanks again for the assistance.
July 19th, 2012 9:32am
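
A check for the guide's note on CACertPublicationURLs (and the same issue in CRLPublicationURLs), as an added example that is not part of the original post or the migration guide: it lists each publication entry and flags any that hard-code the source CA's host name. OLDCA01 and the contoso.example URLs are hypothetical, and the sample entries are constructed; they are used only when the script runs on a machine without the CertSvc key.

```powershell
# Added example. Each entry in these REG_MULTI_SZ values has the form "<flags>:<location>".
function Find-SourceCaReference {
    param(
        [Parameter(Mandatory)][string]$ValueName,
        [string[]]$Entries,
        [Parameter(Mandatory)][string]$SourceHost
    )
    foreach ($entry in $Entries) {
        if ($entry -notmatch '^\d+:') { continue }      # skip empty or malformed entries
        # Split on the first colon only; the location itself contains colons.
        $flags, $location = $entry -split ':', 2
        [pscustomobject]@{
            Value          = $ValueName
            Flags          = [int]$flags
            Location       = $location
            # Case-insensitive literal match on the old host name.
            UsesSourceHost = $location -match [regex]::Escape($SourceHost)
        }
    }
}

$sourceHost = 'OLDCA01'   # hypothetical name of the source CA server
$configKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

# Constructed sample data, used when this is not run on a CA.
$sample = @{
    CRLPublicationURLs    = @(
        '65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl',
        '6:http://%1/CertEnroll/%3%8%9.crl',               # %1 = CA server DNS name
        '6:http://oldca01.contoso.example/CertEnroll/%3%8%9.crl'
    )
    CACertPublicationURLs = @(
        '1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt',
        '2:http://pki.contoso.example/CertEnroll/%1_%3%4.crt'
    )
}

$results = foreach ($name in 'CRLPublicationURLs', 'CACertPublicationURLs') {
    if (Test-Path $configKey) {
        # The "Active" value under Configuration names the CA subkey.
        $active  = (Get-ItemProperty -Path $configKey).Active
        $entries = (Get-ItemProperty -Path (Join-Path $configKey $active)).$name
    } else {
        $entries = $sample[$name]
    }
    Find-SourceCaReference -ValueName $name -Entries $entries -SourceHost $sourceHost
}
$results | Format-Table -AutoSize -Wrap
```

Entries with `UsesSourceHost` set to `True` are the custom, host-specific ones the guide asks you to review; entries built on `%1` follow the server name of whichever machine hosts the CA.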
Hi,
Thanks for posting in Microsoft TechNet forums.
Here is an article which might be useful to you:
AD CS Migration: Post-Migration Tasks
http://technet.microsoft.com/en-us/library/ff519213(v=ws.10).aspx
Regards
Kevin
TechNet Subscriber Support
If you are a TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
July 19th, 2012 10:15pm
Hi,
Thanks for posting in Microsoft TechNet forums.
Here is an article which might be useful to you:
AD CS Migration: Post-Migration Tasks
http://technet.microsoft.com/en-us/library/ff519213(v=ws.10).aspx
Regards
Kevin
TechNet Subscriber Support
July 19th, 2012 10:20pm
Hi,
Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
Have a great day!
Regards
Kevin
TechNet Subscriber Support
July 23rd, 2012 1:42am
Thanks for the article, though this doesn't really mention anything about the questions I stated above. I may be missing something.
July 23rd, 2012 9:06am