• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 280
  • Last Modified:

CA migration to another DC/GC

I've got a customer that has several sites across the US and their CA is in a site that will soon be going away. I've moved the AD roles to a DC in another state but we're left with the CA in the soon to be closed location. From what they have told me one cert is being used for file encryption and another for servers and computers to establish trust with the DC's. There are other certs that they are checking on to see what they're actually doing. I've done some research and really haven't found a clear path as to what's the best way to migrate/move this. Some say you must have the same hostname etc. That's not possible as it's moving to an existing DC/GC. I thought about trying to create a CA subordinate on the other DC. I also have read that you should be able to migrate the store and as long as you use the same CA name it shoudl work. I've also got to make the decision as to whether this can be done during production or if it needs to be schedule for their one maintenance window they have each month.
0
bciengineer
Asked:
bciengineer
  • 3
  • 3
1 Solution
 
AmitIT ArchitectCommented:
That is right....you need same name for certificate server...Certificate migration is complex process...is this a 2008 server holding cert? or 2003?
0
 
bciengineerAuthor Commented:
Yes it's 2008 infastructure.
0
 
AmitIT ArchitectCommented:
Check this guide from MS.

http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspx

If possible open a case with MS.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
bciengineerAuthor Commented:
What about the plan to try and create a Subordinate in the other location then shut the server down in the site that's going away?
0
 
AmitIT ArchitectCommented:
@bciengineer

I haven't tried that one. So cannot confirm.
0
 
bciengineerAuthor Commented:
Thanks for the input. Has anyone tried this method of setting up a CA subordinate to replace the root then take the root server offline?
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now