troubleshooting Question

Migrating from 2008 R2 Certificate Authority (CA) to a New 2016 CA

Avatar of Will Anderson
Will Anderson asked on
Active DirectoryWindows Server 2008Windows 10AzureWindows Server 2016
7 Comments2 Solutions693 ViewsLast Modified:
We are migrating from an old Windows Server 2008 R2 (Win2K8) Certificate Authority (CA)
to a new Windows Server 2016 CA (Win2K16). In the new plan we would have an
Standalone Root CA (offline) and an Enterprise Subordinate CA (online).

The Subordinate CA will be part of the domain, but the Standalone Root CA will
be a workgroup NOT connected to the domain or network and will eventually be
turned off for safe keeping.

I had to do a Multi-tier or Two-tier approach. One of the requirements were
to copy the Certificate Templates from the old Win2K8 R2 CA to the new Online
Win2K16 CA. They were under the impression we have to copy the modified
Certificate Templates from the old Win2K8 CA to the new Win2K16 CA.

Now correct me if I'm wrong, but I was under the impression all
Certificate Templates live in Active Directory and would be accessible by
the new CA anyways, so there should NOT be any copying of Templates to new
CA. Please clarify.
Michael B. Smith
Managing Consultant

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 2 Answers and 7 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 7 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros