Migrate Windows Server 2008 R2 Certification Authority to a New Server windows 2012 or 2012 r2 and 2016

24/12/2017

Backup a Windows Server Certification Authority

net stop certsvc and press Enter
CA Registry Settings
Open PowerShell command prompt we opened in the previous instructions, type
reg export HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration “c:\CAbackup\CAregsettings.reg”
Press ENTER


Certificate Templates
Open PowerShell command prompt, type
certutil.exe –catemplates > “c:\CAbackup\catemplates.txt”replacing “c:\CAbackup\catemplates.txt”
with the correct path and file name for your backup folder
Press Enter
CAPolicy.inf File
If your CA was configured using a CAPolicy.inf file, make sure that you copy this file from the %SystemRoot% directory and the new location on the new server %SystemRoot% directory
Remove the Active Directory Certificate Services Role and Server from the Domain
right-click the PowerShell icon on the desktop taskbar and select Run as Administrator from the context menu
Type Remove WindowsFeature Adcs-Cert-Authority and press Enter

Install and Configure the AD CS Role New server
Open PowerShell console, type Add-WindowsFeature ADCS-Cert-Authority –IncludeManagementTools and press Enter


AD CS role has installed, type Install-AdcsCertificationAuthority –CAType EnterpriseRootCA -CertFile “C:\CAbackup\Yshvili-DC-CA.p12” -CertFilePassword (read-host “yshvili\administrator” -assecurestring) and press Enter  Type the password for the file when prompted then confirm that you want to configure the CA
Restore the CA Database and Registry Settings
Restore the CA Registry Settings
Right-click the PowerShell icon on the desktop taskbar and select Run as Administrator
Now type reg import “c:\CAbackup\CAregsettings.reg” and press Enter
Restore the CA Templates
Right-click the PowerShell icon on the desktop taskbar and select Run as Administrator from the context menu.
In the command prompt type certutil -setcatemplates +DirectoryEmailReplication and press Enter

Reboot server 🙂 done

הוסף תגובה
facebook linkedin twitter email

כתיבת תגובה

האימייל לא יוצג באתר. שדות החובה מסומנים *