Windows 2003 AD Upgrade to Windows-Ad CA Server Migration

Source: Internet
Author: User

Windows 2003 AD Upgrade to Windows-Ad CA Server Migration

In the previous blog post we showed you how to upgrade Windows 2003 AD to Windows AD and the migration of the upgraded DHCP server, and today we will continue to introduce you to Windows 2003 AD upgrade to Windows 2012 After the ad, the CA server is migrated. Okay, nonsense, we're starting to experiment:

The original CA server is created on a Windows 2003 domain controller, and after the domain controller is migrated, the CA server data needs to be migrated. The idea of migration is to save the CA data on Windows 2003 and then rename and format the Windows 2003 down-domain. Install the CA service on the new domain controller and import the original CA backup data.

To record a certificate template:

Because the certificate template content is not included when you back up the certificate, you need to manually record the certificate template. Certificate templates are saved in the certification authority

Click Start----Management tool:

650) this.width=650; "Width=" 575 "height=" 484 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M02/6E/32/wKiom1V2OROjmoGJAAJsybLQVo4224.jpg" border= "0"/>

Click Certification Authority:

650) this.width=650; "Width=" 644 "height=" 452 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/2E/wKioL1V2OreD-WTiAAGbycVI3u8039.jpg" border= "0"/>

Click on the certificate template to see all of our current certificate templates, which we need to record manually.

To back up the certificate database:

As shown in the Certificate Server Management console, right-Wyz, click All Tasks:

650) this.width=650; "Width=" 644 "height=" 451 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/2E/wKioL1V2OriCGzVWAAFHHwGcnz4279.jpg" border= "0"/>

Click Backup CA:

650) this.width=650; "Width=" 644 "height=" 466 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M02/6E/2E/wKioL1V2Oriw-Xa-AAHU5oorgS0763.jpg" border= "0"/>

You can see the system pops up the CA Backup Wizard and click Next:

650) this.width=650; "Width=" 644 "height=" 471 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/32/wKiom1V2ORWw5bKaAAGnHBHZzi4537.jpg" border= "0"/>

Here we tick "private key and CA certificate" and "certificate database and certificate database log" and after setting up a backup path, click Next:

650) this.width=650; "Width=" 644 "height=" 468 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/32/wKiom1V2ORawroAIAAGBpvOh6FI266.jpg" border= "0"/>

Enter the password encrypted for the CA here and click Next:

650) this.width=650; "Width=" 644 "height=" 463 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/32/wKiom1V2ORfzZkqMAAID6dFQk44099.jpg" border= "0"/>

Confirm the error, click Finish, our CA is complete backup!

To back up your registry:

Run Regedit on the CA server:

650) this.width=650; "Width=" 644 "height=" 442 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/2E/wKioL1V2OrrAsjICAAEgUYaonB8855.jpg" border= "0"/>

Navigate to Local_machine

650) this.width=650; "Width=" 644 "height=" 443 "title=" image "style=" margin:0px;padding-top:0px;padding-right:0px; Padding-left:0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; " alt= "image" Src= "http://s3.51cto.com/wyfs02/M00/6E/2E/wKioL1V2OrvB9p3qAAEY2Qxs-RI902.jpg" border= "0"/>

Navigate to System

650) this.width=650; "Width=" 644 "height=" 442 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/32/wKiom1V2ORjAj2b8AAFe6a1Lo08020.jpg" border= "0"/>

Navigate to: CurrentControlSet

650) this.width=650; "Width=" 644 "height=" 443 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/32/wKiom1V2ORmzF53EAAHhDnTFRXc202.jpg" border= "0"/>

Navigate to: Services:

650) this.width=650; "Width=" 644 "height=" 442 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/2E/wKioL1V2 Or2 hm_s5aahojbrzheu950.jpg" border= "0"/>

Navigate to: Certsrv:

650) this.width=650; "Width=" 644 "height=" 442 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/32/wKiom1V2ORvgGgscAAJYU-UnM1o194.jpg" border= "0"/>

Navigate to: Configuration:

650) this.width=650; "Width=" 644 "height=" 383 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M02/6E/32/wKiom1V2ORzDjcaXAAJBYuYIwOA888.jpg" border= "0"/>

right mouse button configuration:

650) this.width=650; "Width=" 644 "height=" 469 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M02/6E/2E/wKioL1V2OsDDgvoCAAKaSB4-1RA533.jpg" border= "0"/>

Click "Export" to export the registry key value as a file save.

To restore a CA:

Install the CA role on Windows R2:

Open the Windows R2 Server Manager:

650) this.width=650; "Width=" 644 "height=" 435 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/2E/wKioL1V2OsDxbF33AAGIcI1U448382.jpg" border= "0"/>

Click Add Roles or Features:

650) this.width=650; "Width=" 644 "height=" 456 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/32/wKiom1V2OR7gy4kTAAHyJpX7E0k422.jpg" border= "0"/>

Tick Certificate Services and click Next:

650) this.width=650; "Width=" 644 "height=" 457 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/2E/wKioL1V2OsKjyABIAAGMYu7waYY161.jpg" border= "0"/>

Tick "certification Authority" and "certification authority Web enrollment" and click Next:

650) this.width=650; "Width=" 644 "height=" 457 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/32/wKiom1V2OR-Bs8yLAAHpN7fVyx0579.jpg" border= "0"/>

Confirm the error and click Install.

650) this.width=650; "Width=" 644 "height=" 458 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M02/6E/2E/wKioL1V2OsPTrVDQAAHWGYiNQvs193.jpg" border= "0"/>

Installation is complete, the system prompts us to configure, we click "Configure Certificate Services on the target server":

650) this.width=650; "Width=" 644 "height=" 473 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M02/6E/32/wKiom1V2OSCS3YQVAAF-rCK7te4221.jpg" border= "0"/>

System Popup Configuration Wizard, we confirm that the credentials are not a problem, click Next:

650) this.width=650; "Width=" 644 "height=" 470 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/32/wKiom1V2OSHy66VXAAExWSH4rrk254.jpg" border= "0"/>

Check here for "certification authority" and "certification authority OH Web enrollment" and click Next:

650) this.width=650; "Width=" 644 "height=" 471 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/2E/wKioL1V2OsXSEjsqAAGXM4a00Iw569.jpg" border= "0"/>

Select "Enterprise CA" and click Next:

650) this.width=650; "Width=" 644 "height=" 471 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M02/6E/32/wKiom1V2OSKQ0sV5AAGm3u2YbnQ346.jpg" border= "0"/>

Select "Follow Ca" to click Next:

650) this.width=650; "Width=" 644 "height=" 470 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/32/wKiom1V2OSPT7dU1AAHGtFIW8YY452.jpg" border= "0"/>

Note: Since we are migrating the CA to the secondary server, here we need to select "Use an existing private key"----"Select a certificate and use its associated private key" and click Next:

650) this.width=650; "Width=" 644 "height=" 473 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/32/wKiom1V2OSOyjfFwAAF6oCPJxIs991.jpg" border= "0"/>

Here, click Import:

650) this.width=650; "Width=" 564 "height=" 484 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/32/wKiom1V2OSSCbshjAAF4VwQFzVc769.jpg" border= "0"/>

Enter the path of our CA private key here and enter the password that our backup CA is using, click OK:

650) this.width=650; "Width=" 644 "height=" 470 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/2E/wKioL1V2Osey9t1tAAGXFFE_PnE406.jpg" border= "0"/>

You can see that our CA has been imported successfully, click Next:

650) this.width=650; "Width=" 644 "height=" 471 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/2E/wKioL1V2OsjQY1Y5AAGKcUZEFgo742.jpg" border= "0"/>

Ok no problem, click Configure:

650) this.width=650; "Width=" 644 "height=" 473 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/32/wKiom1V2OSXC5FgFAAE4wlMbd8s270.jpg" border= "0"/>

OK, configuration successful, click Close.

Restore the registry file:

Copy the backup registry file to the new CA server:

650) this.width=650; "Width=" 644 "height=" 415 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M02/6E/2E/wKioL1V2OsnhvwOhAAGyIAqG44c543.jpg" border= "0"/>

As you can see, the registry file is currently successfully copied to the new CA server, and we double-click Install:

650) this.width=650; "Width=" 644 "height=" 207 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/2E/wKioL1V2OsnB7zlDAADuygqa53M964.jpg" border= "0"/>

Click Yes:

650) this.width=650; "Width=" 644 "height=" 221 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/32/wKiom1V2OSaTxYpPAADnNJFFmx0456.jpg" border= "0"/>

OK, we can see that we have added success.

To restore the CA database:

Open the management console for the new CA server:

650) this.width=650; "Width=" 644 "height=" 448 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/2E/wKioL1V2OsqRE3WgAAD9OzATh4I839.jpg" border= "0"/>

Right-Wyz, then click All Tasks:

650) this.width=650; "Width=" 644 "height=" 448 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/32/wKiom1V2OSeCXdwRAAFL3Dwi5pU556.jpg" border= "0"/>

Click Restore CA:

650) this.width=650; "Width=" 555 "height=" 484 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M02/6E/2E/wKioL1V2OsuSOELRAAFYQv-moLk391.jpg" border= "0"/>

Click Next:

650) this.width=650; "Width=" 556 "height=" 484 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M02/6E/2E/wKioL1V2Oszif8OXAAFsOq6sSTQ448.jpg" border= "0"/>

Tick "Private key and CA certificate" and "certificate database and certificate database log" and specify the location where you want to recover the file, click Next:

650) this.width=650; "Width=" 559 "height=" 484 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/2E/wKioL1V2OszQ25CTAAEasfF7s8U531.jpg" border= "0"/>

Enter the password you used to back up the CA database and click Next:

650) this.width=650; "Width=" 554 "height=" 484 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M00/6E/32/wKiom1V2OSqjZMMqAAFpK1aqXuw810.jpg" border= "0"/>

Confirm, click Finish

To restore a certificate template:

Finally, the certificate issuance template needs to be rebuilt manually. Refer to the content of the certificate template recorded at the time of backup, and adjust the certificate template to match the pre-backup. After the certificate issuance template rebuild is complete, the CA server recovery operation is complete.

650) this.width=650; "Width=" 644 "height=" 448 "title=" image "style=" Padding-top:0px;padding-right:0px;padding-left : 0px;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;background-image:none; "alt=" image "src = "Http://s3.51cto.com/wyfs02/M01/6E/2E/wKioL1V2Os7D3RsvAAIKtQSjPUQ851.jpg" border= "0"/>

The certificate template restore is complete.

OK, here we CA Server Upgrade experiment to the end of the success! If you have any friends who do not know where to comment questions!

This article from "Mr, Wu's Microsoft Blog" blog, reproduced please contact the author!

Windows 2003 AD upgrade to the Windows-Ad CA Server Migration

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.