Windows Server R2 domain controller level upgrade to Windows Server R2 requires removal of the old DC (WIN08R2), and if the CA certificate is on the old DC, it needs to be migrated to the new DC (WIN12R2) earlier.
The following is the specific process of migration, each step is very detailed, can be used as a reference book.
1. Backup CA
2. Stop the Certificate Server service
net stop CertSvc
3. Backup CA Registry Settings
4. Backing Up CA policy Files
No definition, ignoring
5. Backing Up CA certificate templates
Templates with no special configuration, ignoring
6. Remove the role "Active Directory Certificate Services"
Reboot server, delete successful
7. Copy the backed up CA and CA registry to the new Certificate Server
8. Import the CA root certificate in the new Certificate Server
Import succeeded
9. The new Certificate Server installs the CA Certificate Services role
10. Configure the new Certificate Server certificate service
Import the root certificate of the old Certificate Server backup
11. Configure the new Certificate Server, restore the certificate
12. Stop the Service
net stop CertSvc
13. Import the old Certificate Server backup CA registry
Change the name of the new CA server
Start the service
14. Modify CRL Distribution Points
15. Grant the new Certificate Server control over AIA and CDP
AIA container Add new Certificate Server Full Control permissions
AIA:
Cdp:
Please manage the old Certificate Server control permissions
Now that the Certificate Server has been successfully migrated, let's request a certificate to verify it.
Windows Server R2 Certificate Server migrates Windows Server 2012R2