Last Updated on June 7, 2021 by Dishan M. Francis
Windows Server 2008 R2 extended support ended on 1/14/2020. This raised interest in migrating various Windows Server Roles from Windows Server 2008 R2 to latest. I thought it will be useful to do step-by-step guide to migration AD CS role from Windows Server 2008 R2 to Windows Server 2019. We also can use same steps to migrate AD CS role from Windows Server 2012/2012R2/2016.
Demo Setup
The following figure shows the demo environment that I will be using for this particular task.
As illustrated in above, In the demo environment I have 4 servers/pc. The role of each servers/pc as following,
| Host Name | Operating System | Role |
| REBEL-PDC01 | Windows Server 2019 | Primary Domain Controller in rebeladmin.com Active Directory Domain |
| W08CS | Windows Server 2008 R2 | Existing Certificate Authority |
| W19CS | Windows Server 2019 | After AD CS configuration is migrated, this server will become the Certificate Authority in rebeladmin.com domain |
| PC01 | Windows 10 | Test PC |
In here the plan will be to migrate AD CS configuration from existing Windows Server 2008 R2 based certificate authority to newly built server with Windows Server 2019. For the demo purpose the current certificate authority is deployed using single-tier model which means a single server will work as root CA as well as issuing CA. The AD CS migration process mainly contain following steps,
1) Backup configuration of existing Certificate Authority
2) Remove AD CS role from Windows 2008 R2 server
3) Install AD CS role in new Windows 2019 server
4) Restore configuration from previous Certificate Authority
5) Testing
Let’s go ahead and start the process by exporting current CA configuration from W08CS server. [Read more…] about Step-by-Step Guide : Migrating AD CS from Windows Server 2008 R2 to Windows Server 2019