Forum Discussion
Migrate root CA from 2019 to 2022
If at all possible, I recommend separating roles. I really don't like having a Certificate Authority or any other role on a Domain Controller. Furthermore, to keep your PKI (CA's etc.) you should have a two tier PKI an offline root CA. For guides I presume you went to Migrating roles and features in Windows Server | Microsoft Learn which lead you to Active Directory Certificate Services Migration Guide for Windows Server 2012 R2 | Microsoft Learn. Which doesn't cover the other services. The important data is kept inside the CA database. So that is the only service that requires a true migration, the other services can just be setup again and point to the migrated CA. There are settings to migrate but no real data.
These links are the latest I found (I know some of them reference 2012 instead of 2022):
Certification Authority Web Enrollment Role Service in Windows Server | Microsoft Learn
Certificate Enrollment Web Services in Active Directory Certificate Services | Microsoft Learn
Certificate Enrollment Policy Web Service Guidance | Microsoft Learn
If at all possible, I recommend separating roles. I really don't like having a Certificate Authority or any other role on a Domain Controller. Furthermore, to keep your PKI (CA's etc.) you should have a two tier PKI an offline root CA. For guides I presume you went to Migrating roles and features in Windows Server | Microsoft Learn which lead you to Active Directory Certificate Services Migration Guide for Windows Server 2012 R2 | Microsoft Learn. Which doesn't cover the other services. The important data is kept inside the CA database. So that is the only service that requires a true migration, the other services can just be setup again and point to the migrated CA. There are settings to migrate but no real data.
These links are the latest I found (I know some of them reference 2012 instead of 2022):
Certification Authority Web Enrollment Role Service in Windows Server | Microsoft Learn
Certificate Enrollment Web Services in Active Directory Certificate Services | Microsoft Learn
Certificate Enrollment Policy Web Service Guidance | Microsoft Learn
