We have a 2016 domain controller that is also our Enterprise CA server. We need to retire this server so I've built a server 2022 box, which sole purpose will be for the enterprise CA.
while there are plenty of guides with MS and other sources on how to move the CA, I cant seem to find an answer to if the certificate templates are lost when the role is removed from the CA server (in our case a domain controller.)
In the MS guide there is the following information:
the certificate templates settings are stored in Active Directory. They are not automatically backed up. You must manually configure the certificate templates settings on the new XA to maintain the same set of templates.
Does this mean the the new dedicated CA server will be able to see the certificate templates and will be able to add/reissue them?
this is a brief summary of our plan.
-backup CA config on dc01
-remove the CA role from dc01
-add the CA role to the new CA01 (dedicated CA server/non domain controller)
-restore the CA configuration
-reissue the templates?
-demote and retired dc01
please note we have another 3 domain controllers in the domain.