Move CA from W2k3 DC to W2k8 DC

  • Thread starter Thread starter RVilla
  • Start date Start date
R

RVilla

Guest
We are not sure what path we want to take concerning our CA server. It is an
Enterprise CA on a W2K3 domain controller that needs to be decomissioned due
to age of hardware. We are looking for the best approach..

Here are our thoughts and options:
1. Move the CA server to a new W2K8 Std x64 Edition server that will be a DC
2. Promote the W2K8 server to be a DC, Create a new CA server on the new
W2K8 server, create new certificates and decommission the old CA.

We have issued a very small number of certificates for in-house use. Also,
we are not tied to keeping the same server name. From KB298138, I see that we
will need to keep the the same server name, and upgrade the W2K3 server to
W2K8 before moving the CA.

Another challenge is the W2K8 server will be a DC. Do I promote the server
to a DC before moving the old or creating a new CA?

Any thoughts or ideas?
Robert --
Thanks in advance....
 
Re: Move CA from W2k3 DC to W2k8 DC

Hello RVilla,

Have a look here, it also inlcudes a link for renaming the server:
http://technet2.microsoft.com/windo...d7e4-4452-9fb2-17aa6398fe5c1033.mspx?mfr=true

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> We are not sure what path we want to take concerning our CA server. It
> is an Enterprise CA on a W2K3 domain controller that needs to be
> decomissioned due to age of hardware. We are looking for the best
> approach..
>
> Here are our thoughts and options:
> 1. Move the CA server to a new W2K8 Std x64 Edition server that will
> be a DC
> 2. Promote the W2K8 server to be a DC, Create a new CA server on the
> new
> W2K8 server, create new certificates and decommission the old CA.
> We have issued a very small number of certificates for in-house use.
> Also, we are not tied to keeping the same server name. From KB298138,
> I see that we will need to keep the the same server name, and upgrade
> the W2K3 server to W2K8 before moving the CA.
>
> Another challenge is the W2K8 server will be a DC. Do I promote the
> server to a DC before moving the old or creating a new CA?
>
> Any thoughts or ideas?
> Robert --
> Thanks in advance....
 
Re: Move CA from W2k3 DC to W2k8 DC

Thanks for the information.

Our problem is that we have already purchased a replacement server with
Windows 2008, and is on the network with a different name. The old server has
Windows 2003. The 2003 server is a domain controller, the 2008 server will be.

Will I be able to upgrade the 2003 DC to 2008 using trial software? Or do we
need to purchase another copy of 2008?

It would seem easier to revoke the certificates already created (we have a
small # of them), and decommission the 2003 server, again remember it is a
DC. Then install a new Enterprise CA on the 2008 server and create new
certificates.

Is either of these scenarios possible? Recommended?

--
Thanks in advance....


"Meinolf Weber" wrote:

> Hello RVilla,
>
> Have a look here, it also inlcudes a link for renaming the server:
> http://technet2.microsoft.com/windo...d7e4-4452-9fb2-17aa6398fe5c1033.mspx?mfr=true
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
> > We are not sure what path we want to take concerning our CA server. It
> > is an Enterprise CA on a W2K3 domain controller that needs to be
> > decomissioned due to age of hardware. We are looking for the best
> > approach..
> >
> > Here are our thoughts and options:
> > 1. Move the CA server to a new W2K8 Std x64 Edition server that will
> > be a DC
> > 2. Promote the W2K8 server to be a DC, Create a new CA server on the
> > new
> > W2K8 server, create new certificates and decommission the old CA.
> > We have issued a very small number of certificates for in-house use.
> > Also, we are not tied to keeping the same server name. From KB298138,
> > I see that we will need to keep the the same server name, and upgrade
> > the W2K3 server to W2K8 before moving the CA.
> >
> > Another challenge is the W2K8 server will be a DC. Do I promote the
> > server to a DC before moving the old or creating a new CA?
> >
> > Any thoughts or ideas?
> > Robert --
> > Thanks in advance....
>
>
>
 
Back
Top