I have a couple of questions as I plan my AD CS upgrade from 2008 R2 to 2012 R2, and in the process design a better system. I am starting with a domain controller that runs CS as well and is named CertDC. I'd like to make 2 new servers, which I would call RootCA and SubCA. RootCA will be an off-domain server that only issues keys to SubCA, and SubCA issues keys to everyone on the domain.
So, I understand that it would be best for me to back up CertDC and restore to a similar issuing server. But since RootCA is a different name AND an offline CA, does that mean I do the following:
1) Make a standalone CA on RootCA - update CRL and AIA distribution points to point to SubCA
2) Make SubCA an enterprise subordinate CA
3) Restore the backup from the old CertDC on SubCA
4) Import a modified reg file that changes the name of the root CA and import that on SubCA
Am I on the right track? Or am I to restore the database to the RootCA server instead?
Thanks for your thoughts!