Directory email replication certificate.

Raul Guchinife 140 Reputation points
2023-08-21T07:29:37.7166667+00:00

I am going to remove an Enterprise CA server to install a new one. On this CA server I have several templates in use, such as the Directory Email Replication certificate. In order for the DC servers to use this new CA certificate, what do I have to do?

Thanks


2 answers

  1. Anonymous
    2023-09-19T06:01:29.29+00:00

    Hello Raul Guchinife,

    Thank you for posting in Q&A forum.

    Q: I am going to remove an Enterprise CA server to install a new one.
    A: Why are you going to remove an Enterprise CA server to install a new one? Do you want to migrate the CA server from a lower OS version to a higher one? If so, you can migrate the CA from the old CA server to the new server.

    1. Certificate templates are stored in the AD Configuration partition on the Domain Controllers.

    2. Here are the migration steps (the steps are similar for different CA server versions).
    Step-By-Step: Migrating The Active Directory Certificate Service From Windows Server 2008 R2 to 2019
    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-migrating-the-active-directory-certificate-service/bc-p/700730#M270%3FWT.mc_id=ITOPSTALK-blog-abartolo

    3. Note: For a CA migration, you can use the same host name or a different host name, but the CA name must be the same.

    4. After that, reissue a new certificate to the Domain Controller using the Directory Email Replication certificate template you mentioned, with the new CA server.

    5. If you need to, reissue all the certificates that were issued by the old CA using the new CA server.

    Another method:

    1. You can also have two CA servers (the old one and the new one you will install).

    2. Reissue a new certificate to the Domain Controller using the Directory Email Replication certificate template you mentioned, with the new CA server.

    3. If you need to, reissue all the certificates that were issued by the old CA using the new CA server.

    4. Decommission the old Windows enterprise certification authority, but keep all the certificate templates (because certificate templates are stored in the AD Configuration partition on the Domain Controllers).

    How to decommission a Windows enterprise certification authority and remove all related objects

    https://learn.microsoft.com/en-GB/troubleshoot/windows-server/windows-security/decommission-enterprise-certification-authority-and-remove-objects

    Hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou

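The procedure above (inventory what the old CA issued, re-enrol the DC from the new CA, then verify before decommissioning) can be checked from the DC itself. The script below is an added example written for this page, not code from the answer or from Microsoft; it assumes it runs elevated on a domain controller with the built-in PKI module, that `OLD-CA-NAME-PLACEHOLDER` is replaced with the old CA's common name, and that `DirectoryEmailReplication` is the template's common name (display name "Directory Email Replication").

```powershell
# Added example, not from the answer above. Assumptions:
# - runs elevated on a domain controller; the PKI module (Get-Certificate) ships with Windows Server.
# - $OldCaName is a placeholder for the old CA's common name (the "CN=" of its issuer DN).
# - "DirectoryEmailReplication" is the template common name; the display name is "Directory Email Replication".
$OldCaName       = 'OLD-CA-NAME-PLACEHOLDER'
$TemplateName    = 'DirectoryEmailReplication'
$TemplateInfoOid = '1.3.6.1.4.1.311.21.7'   # "Certificate Template Information" (schema v2+ templates)
$TemplateNameOid = '1.3.6.1.4.1.311.20.2'   # "Certificate Template Name" (schema v1 templates)

function Get-CertTemplateText {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Human-readable template extension text, or $null if the certificate was not template-based.
    $ext = $Cert.Extensions |
        Where-Object { $_.Oid.Value -in @($TemplateInfoOid, $TemplateNameOid) } |
        Select-Object -First 1
    if ($ext) { return $ext.Format($false) }
    return $null
}

function Get-OldCaCertificates {
    # Machine certificates whose issuer is the old CA, with the template each came from.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Issuer -like "CN=$OldCaName,*" -or $_.Issuer -eq "CN=$OldCaName" } |
        ForEach-Object {
            [pscustomobject]@{
                Thumbprint = $_.Thumbprint
                Subject    = $_.Subject
                NotAfter   = $_.NotAfter
                Template   = Get-CertTemplateText -Cert $_
            }
        }
}

# 1. Inventory: what did the old CA issue to this DC, and from which templates?
Get-OldCaCertificates | Format-Table -AutoSize

# 2. Re-enrol from the template. Get-Certificate reads the enrollment policy from AD, so the
#    request goes to whichever enterprise CA currently publishes the template (i.e. the new one
#    once the template is removed from the old CA or the old CA is decommissioned).
$result = Get-Certificate -Template $TemplateName -CertStoreLocation Cert:\LocalMachine\My
if ($result.Status -eq 'Issued') {
    "New certificate issued by: $($result.Certificate.Issuer)"
} else {
    "Enrollment status: $($result.Status)"   # e.g. Pending if the template requires CA manager approval
}

# 3. Verify before decommissioning: anything still chaining to the old CA should be replaced first.
$remaining = @(Get-OldCaCertificates)
if ($remaining.Count -gt 0) {
    "$($remaining.Count) certificate(s) on this DC still come from the old CA; replace them before removing it."
} else {
    "No certificates from the old CA remain in the machine store."
}
```

Step 2 is what autoenrollment does on its own schedule when the template grants the DC Autoenroll permission; running `certutil -pulse` triggers that pass immediately, which is a useful way to confirm the new CA answers before the old one is removed.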

  2. J2L 0 Reputation points
    2023-12-08T20:52:43.9633333+00:00

    My understanding is that the certificates created from the "Directory Email Replication Certificate" template are useless for a domain controller if you do not use the SMTP protocol to replicate AD between domain controllers.

    For me, you can disable the "Directory Email Replication Certificate" template if you use RPC as the protocol to replicate AD.
