I’d like to know what to do if our Certificate Server, which has the Network Device Enrolment Service (NDES) role enabled, needs to be migrated or restored to new hardware. Specifically, I’m wondering about the following two certificates that are issued to the server during the install of NDES: · Exchange Enrollment Agent (Offline request) (EnrollmentAgentOffline) · CEP Encryption (CEPEncryption) If we install Certificate Services (using the backup of the CA key), Web Enrollment, NDES, and then restore the certificate database & registry key, wont the newly issued certificates for NDES (mentioned above) get overwritten as part of the database restore? Will this cause a problem when trying to use NDES? Would it make more sense to install Certificate Services (using a backup of the CA key), Web Enrollment, restore the certificate database & registry key, and then install NDES? If going this route, should the original certificates (generated during the install of NDES) be revoked or deleted first? Background: We’re a 2003 Native Mode Domain (single Forest, single Domain) and we’re installing Certificate Services on two 2008 R2 Enterprise (domain member) servers. We have a Root and Subordinate (Issuing) server. We’re enabling Credential Roaming for our users, who will be largely using XP. Any comments or suggestions will be most welcome...