1,923 questions
thanks for the answer
but the question is related to adcs ( certificate services) and not adds
thanks in advance
migrate adcs from 2012 to 2019
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 26%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
eg1995
1,156
Reputation points
dears,
ill need your advise on how to proceed with migrating my adcs from 2012 to 2019.
i found many blogs explaining that it will be done using backuo/restore.
but i have 2 questions:
the first one: what should i change if i want ti change the server name of the new adcs after demoting the first one
the second one: i can see that after we backup the db, we are uninstalling the role before installing it on the new server. during this time we wont have a downtime? aw we will be running currently without and adcs? can you advise on this point and we can do to increase the duration time of the certiifcate?
thank you in advance
Windows for business | Windows Server | Devices and deployment | Configure application groups
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous2021-02-01T07:17:21.017+00:00 Hello @eg1995
We are checking in to see if the provided information was helpful. If the reply is helpful, we would appreciate you to accept it as answer.
Please let us know if you would like further assistance. Thanks.
Best Regards,
Hannah Xiong
Sign in to comment
3 answers
Sort by: Most helpful
-
eg1995 1,156 Reputation points
2021-01-26T13:58:57.137+00:00 -
Vadims Podāns 9,186 Reputation points MVP2021-01-26T15:12:28.823+00:00 You must follow official ADCS Migration Guide. It is the only correct and supported way to do this.
what should i change if i want ti change the server name of the new adcs after demoting the first one
migration guide covers changes you need to perform if target server uses different host name.
during this time we wont have a downtime?
you will have a downtime. No certificates, nor CRLs can be signed during migration. It is advised to extend CRL validity prior to demoting old CA to allow clients to validate existing certificates. It is recommended to disable Delta CRLs during transition as well. Go to Revoked Certificates node in CA console, select properties, uncheck Delta CRLs, adjust Base CRL validity (make it 1week at least) and then publish CRLs. Then you can start migration process.
-
Anonymous
2021-01-27T01:40:17.757+00:00 Hello,
Thank you so much for posting here.
Thanks so much for the provided information.
For more information about AD CS migration, we could refer to the below article.
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc742388(v=ws.10)?redirectedfrom=MSDNBest regards,
Hannah Xiong============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.-
eg1995 1,156 Reputation points
2021-01-27T08:29:23.907+00:00 hello
thank you for this article
however, i have one questions my first adcs name is adcs and my new one will be adcs-new as i won't retain the name.
knowing this than adcs link will be pointing to the new hostname. what will happen in this case to the old certificates noting that i am importing the old configuration with the old name.
is there anyway to point the old config to the new name?
thanks again -
eg1995 1,156 Reputation points
2021-01-27T08:32:19.343+00:00 If the target CA's computer name is different from the source CA's computer name, search the file for the host name of the source CA computer. For each instance of the host name found, ensure that it is the appropriate value for the target environment. Change the host name, if necessary. Update the CAServerName value.
i guess i found it i choose customize the reg infos
-
Anonymous
2021-01-29T03:38:44.48+00:00 Hello,
Thank you so much for your feedback.
When migrating a CA, the computer name of the target computer can differ from the computer name of the source computer, but the CA name must stay the same.
Yes, it is mentioned in this article and we found it. Please let us know if you would like further assistance. Thanks.
Best regards,
Hannah Xiong============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Sign in to comment -