should i transfer AD Certificate Services?

Hi Experts!

I am going to demote and decommission and old 2008 R2 server after transferred fsmo role and DHCP, but I found in the server role there is one called "Active Directory Certificate Services" installed on the old server, I believe it is installed by their previous IT but not sure what should i do with it.

What is it for? am i able to decommission the server without uninstalling it? if I have to transfer it, what is the procedure please? the new server is 2016 with all fsmo role on it.
2018-05-02-12_11_26-MAINSERVER---MUL.png
Thanks!
LVL 11
manav08Asked:
Who is Participating?
 
yo_beeConnect With a Mentor Director of Information TechnologyCommented:
He installed the Cert Role and configured a Domain Root CA server.  If this is issuing Certs to your environment you will need to move the role to a new server. From the screenshot I do see recently renewed certs by your Mainserver, which I have to figure is the one you are decommissioning

This link will help you with moving the cert role.  It is for 2003 to 2012, but it is the same for newer servers.
https://blogs.technet.microsoft.com/canitpro/2014/11/11/step-by-step-migrating-the-active-directory-certificate-service-from-windows-server-2003-to-2012-r2/

Decommissioning if not needed in your environment:
https://support.microsoft.com/en-us/help/889250/how-to-decommission-a-windows-enterprise-certification-authority-and-r

I would feel safe decommissioning this role.
0
 
manav08Author Commented:
Thanks @yo_bee , i have exported the role and saved it somewhere else in case we need to install it at some point.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.