End of support for Windows Server 2008 R2 has been slated by Microsoft for January 14th 2020. Said announcement increased interest in a previous post detailing steps on Active Directory Certificate Service migration from server versions older than 2008 R2. Many subscribers of ITOpsTalk.com have reached out asking for an update of the steps to reflect Active Directory Certificate Service migration from 2008 R2 to 2016 / 2019 and of course our team is happy to oblige.
Step 1: Backup Windows Server 2008 R2 certificate authority database and its configuration
Step 2: Backup CA Registry Settings
Backup of the Certificates is now complete and the files can now be moved to the new Windows 2016 / 2019 server.
Step 3: Uninstall CA Service from Windows Server 2008 R2
Step 4: Install Windows Server 2016 / 2019 Certificate Services
*NOTE: The new 2016 / 2019 server needs to have the same "Name" as this point. The screenshots below show the server name as WS2019 to highlight which server we are working on. This step-by-step highlights screenshots from Windows Server 2019. Windows Server 2016 process is the same with similar screenshots
Step 5: Configure AD CS
In this step will look in to configuration and restoring the backup created previously
Step 6: Restore CA Backup
Step 7: Restore Registry info
Step 8: Reissue Certificate Templates
It is now time to reissue the certificate with the migration process now complete.
This concludes the Active Directory Certificate Service migration steps
The following video also shares steps surrounding this process as well as migrating DNS.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.