Blog Post

ITOps Talk Blog

4 MIN READ

Step-By-Step: Migrating The Active Directory Certificate Service From Windows Server 2008 R2 to 2019

Microsoft

Jun 18, 2019

End of support for Windows Server 2008 R2 has been slated by Microsoft for January 14th 2020. Said announcement increased interest in a previous post detailing steps on Active Directory Certificate ...

Updated Jul 09, 2021

Version 9.0

Anthony Bartolo

Windows Server

AnthonyBartolo

Microsoft

Joined December 14, 2017

View Profile

ITOps Talk Blog

Follow this blog board to get notified when there's new activity

Dean Chen

Copper Contributor

Dec 19, 2019

Paul_Adare, Hi Paul, since you own ADCA at MS and know better than anyone else, I have two questions.

We currently have 1 root offline CA and two online CA in AD. They are Windows 2008 R2. I understand there isn't any new certificate templates from Windows 2008 R2 to Windows 2012 R2 CA. After I introduce a new Windows 2016 or Windows 2019 online CA server in AD, are there going to have any new enterprise certificate templates that we should be aware of?

Secondly, which is the best practice recommended by MS? 1) do an in-place OS upgrade from Windows 2008 R2 to Windows 2012 R2 to Windows 2016/2019? or 2) build a new Windows 2016/2019 CA then migrate the CA role from Windows 2008 R2 CA? or either one should be fine?

Thank you!

Dean