there is no dependency between OS on domain controllers and CA servers. One thing you should consider -- CA and DC roles should not be installed on same machine.
PKI on 2012 servers with 2019 Domain controllers
Hi,
We currently have a 2012 AD domain with PKI on 2012 servers. We are looking at upgrading the AD domain to 2019, can we leave the PKI services on the existing 2012 servers or does this need to be migrated to 2019 servers the same as the new Domain
Im not sure if theres any compatibility issues between the both if they are on different OS
Thanks in advance!
2 additional answers
Sort by: Most helpful
-
Thameur-BOURBITA 32,636 Reputation points
2020-11-21T13:01:17.393+00:00 Hi,
You don't need to migrate PKI on 2012 to another OS , to be able to upgrade the domain controller to Windows 2019.
a Domain controller on windows 2019 support a member server on Windows server 2012.
Please don't forget to mark this reply as answer if it help you to fix your issue
-
Fan Fan 15,326 Reputation points Microsoft Vendor
2020-11-23T02:50:47.537+00:00 Hi,
Based on my research, we don't need to migrate the CA from the member server to the 2019 DC when you upgrade the DCs.
Just keep the CA on the member server.
If you also want to upgrade the CA server , you can consider migrate it to a 2019 member server ,not necessary to a DC.
https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-migrating-the-active-directory-certificate-service/ba-p/697674Best Regards,