Biertan
asked on
Migrate Certification Authority from 2003 domain to another parrallel domain
We have an old 2003 domain with a CA authority, in which we have a few old application servers which is in the process of de-comissioning, however it will take another 6-8 months to complete.
We also have a 2008 domain running in parralel which is the current domain and I need to move the certificate authority from the 2003 domain to the new domain but to still service the old 2003 domain until we de-comission this domain. Is there a guide that can be used for this process please?
We also have a 2008 domain running in parralel which is the current domain and I need to move the certificate authority from the 2003 domain to the new domain but to still service the old 2003 domain until we de-comission this domain. Is there a guide that can be used for this process please?
ASKER
Thank you Seth.
The new domain has it's own CA and I was wondering whether I can use this same CA for the old domain (they have trusts in place accross the domains), rather than building a new CA for the old domain, which will only be de-comissioned soon.
The new domain has it's own CA and I was wondering whether I can use this same CA for the old domain (they have trusts in place accross the domains), rather than building a new CA for the old domain, which will only be de-comissioned soon.
ok that's something entirely different; the original question referred to moving the CA which is a different process
i haven't tried a CA between trusted domains so not sure if it would work
i haven't tried a CA between trusted domains so not sure if it would work
With 2008 R2, MS has started to enroll certificates over cross forest trust
However its not possible to migrate CA rom one domain to another as it is domain specific
"You cannot change the name nor the domain of the Certificate Server once Certificate Services is installed"
However its not possible to migrate CA rom one domain to another as it is domain specific
"You cannot change the name nor the domain of the Certificate Server once Certificate Services is installed"
ASKER
My apologies Seth - I didn't express the question appropriately.
My intention (if possible) is to use the new domain's CA as the CA for the old domain as well.
My intention (if possible) is to use the new domain's CA as the CA for the old domain as well.
Look at below guide - Cross Forest Certificate enrollment
http://technet.microsoft.com/en-us/library/ff955842(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/ff955842(v=ws.10).aspx
ASKER
It is possible to re-enroll existing objects from old domain in the new domain CA through group policy?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
the CA is setup for that domain; build a new CA for the other domain