
Can I migrate Enterprise Root CA during the day, or is this an after hours project?

I need to move my Root CA off of a 2003 R2 Domain controller and onto a 2008 R2 domain member server.

Because the new server has a different name than the old server, I am going to try the steps outlined in this article:

I've read through it and it's pretty straightforward. I've backed up the 2003 R2 CA database and exported the registry. I'm at the step where I am to uninstall the CA role from the 2003 server.

HOWEVER, my question is, if I do this during the work day, wouldn't things break?  I think the main purpose of the CA in our environment has to do with PEAP / wireless 802.1x authentication which right now 2003 IAS and 2008 NPS can both authenticate and handle these RADIUS requests from our Cisco WLC.

Nowhere do any of these articles or even the Microsoft articles state "WARNING: Do this after hours!!!" So what would you do?
Will Szymkowski (Senior Solution Architect) Commented:
As I always like to say, "Ounce of prevention, Pound of Cure". From personal experience, if I have never made a specific change before in a production environment and I don't know exactly what the outcome will be, I would always recommend doing something like this after hours.

If you have gone through this procedure plenty of times and you know for a fact that "nothing" will break then fine.

I just know that if something does break and several/all users cannot connect, etc., it is much easier to solve an issue without that much pressure.

Hope this helps!
ITdiamond (Author) Commented:
You are probably right, Spec01.

I'm just studying the procedure and ensuring all my backups are in place for now.  I will wait until everyone leaves tonight to try this change.

The only thing that it might affect is authentication to the wireless network. I'm not 100% sure though because the CA was put in place to generate the certificate for that. The certificate has long been generated and is applied to clients and both the IAS server and NPS server (NPS takes over if IAS is down - eventually we will decommission IAS as it is Server 2003).
Svet Paperov (IT Manager) Commented:
It’s a very good article.

I did a similar migration during the work hours without any problems. The only difference was I did keep the same server name as recommended by Microsoft. You can find the steps I performed here: http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_27052731.html

The issue you will probably have with replacing the name of the server is reissuing of the certificates.

Good luck!
Will Szymkowski (Senior Solution Architect) Commented:
The document that you have posted looks good and should do the trick. Operations from a system change standpoint can seem quite straightforward. It's usually an unidentified item specific to an organization which will cause any issues.

I would do it after hours to be on the safe side.

ITdiamond (Author) Commented:
Since I am moving it to a new server with a different name, to play it safe I think I will heed Spec01's advice.

Spaperov, good article and thanks for your input. I have to keep the current server online for a few more weeks as there are other services that will also need to be migrated off of it (DHCP, DNS). Eventually it will be demoted and reformatted with 2008 R2.

This is part of a 2003 to 2008 R2 domain migration. I'm migrating stuff into virtual servers in VMware, but when finished I will repurpose the current 2003 DC as a physical 2008 R2 DC so "all eggs are not in one basket".

Thanks everyone!
Question has a verified solution.