Migrate Certification Authority from 2003 domain to another parallel domain

We have an old 2003 domain with a CA authority, in which we have a few old application servers which are in the process of decommissioning; however, it will take another 6-8 months to complete.
We also have a 2008 domain running in parallel, which is the current domain, and I need to move the certificate authority from the 2003 domain to the new domain but still service the old 2003 domain until we decommission this domain. Is there a guide that can be used for this process please?
Biertan Asked:

Seth Simmons, Sr. Systems Administrator, Commented:
You can move a CA domain root to the same or a newer version of Windows but not across domains.
The CA is set up for that domain; build a new CA for the other domain.
0
Biertan, Author, Commented:
Thank you Seth.
The new domain has its own CA and I was wondering whether I can use this same CA for the old domain (they have trusts in place across the domains), rather than building a new CA for the old domain, which will only be decommissioned soon.
0
Seth Simmons, Sr. Systems Administrator, Commented:
OK, that's something entirely different; the original question referred to moving the CA, which is a different process.
I haven't tried a CA between trusted domains so not sure if it would work.
0
Mahesh, Architect, Commented:
With 2008 R2, MS has started to enroll certificates over cross forest trust.
However, it's not possible to migrate a CA from one domain to another as it is domain specific.
"You cannot change the name nor the domain of the Certificate Server once Certificate Services is installed"
0
Biertan, Author, Commented:
My apologies Seth - I didn't express the question appropriately.
My intention (if possible) is to use the new domain's CA as the CA for the old domain as well.
0
Mahesh, Architect, Commented:
Look at the guide below - Cross Forest Certificate enrollment
http://technet.microsoft.com/en-us/library/ff955842(v=ws.10).aspx
0
Biertan, Author, Commented:
Is it possible to re-enroll existing objects from the old domain in the new domain CA through group policy?
0
Mahesh, Architect, Commented:
You cannot re-enroll existing objects because you have not enrolled them from the CA over cross forest trust.
To do what you can do, install an enterprise root CA (AD Integrated) in the new forest with a 2008 R2 member server, establish a TWO way cross forest trust and then start enrolling certificates over the forest trust.
These certificates can be renewed in advance when they are about to expire.
http://technet.microsoft.com/en-us/library/ff955845(v=ws.10).aspx
0
Question has a verified solution.