Forum Discussion
Solved
Install CA from scratch, already have an existing one
Dear all, I'm moving my domain controller from Windows Server 2012 R2 to Windows Server 2022. I already moved all FSMO roles, DHCP and DNS services. On the old domain controller I also had certifi...
- Yes, you can install the CA role on a new dedicated virtual machine from scratch. it will not affect your joined PCs domain at all.
make sure if you have some templates created before on your CA and you need them on your new CA to mimic them
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.
Yes you're right, our plan is to migrate all domain controllers in all domains to Windows Server 2022 and split DC from CA service.
It's really interesting the opportunity of having a single CA for the whole forest.
Do you have any link for checking how to do it?
Not much is required, as domains will automatically trust each others, and DNS solvers should also do the work. Check required certificate template permissions changes and CA availability requirements on Microsoft documentation.
You may also try to build your forest PKI right now, and slowly migrate your domains on it.
You may also try to build your forest PKI right now, and slowly migrate your domains on it.