Moving a Certificate Authority (CA) to another Domain Controller

I recently had to demote a DC that was the installed CA that causing a problem. These steps to move the CA to another Domain Controller;

* Start-Run-MMC, Snap-in Certificate Authority,

* Back Up CA from the All Tasks menu,

* Back Up both the Private Key and CA sertificate and Certificate Database and certificate database log,

* Enter the password that will be used to secure the backup

* Export that registry key to their profile path


* Now remove Certificate Services from the DC.


*Add the Certificate Services component,

* Select the type of CA,(Enterprise CA), then “Use custom settings to generate the key pair and CA certificate”

* Select “Use an existing key”

* Select the file and enter the password you set and click OK.

* Wait until the installation is complete

*Stop the Certificate Services

* Import the registry backup.

* Start the Certificate Authority MMC snap-in.

* Restore CA from the All Tasks.

* Enter the password again.

* Click the finish.

* Start the certificate services.

Enis Göktay

Enis Göktay

Enis has more than 15 years of experience in Information Technologies. He holds a Bachelor of Science in Economy and Master of Science degree in Computer Engineering as well as several IT certifications, namely MCITP, MCSE and CISCO Certifications. He has experience from technical support to administering enterprise IT infrastructures including but not limited Active Directory, Messaging Infrastructures, and Networking. Currently, he lives in Istanbul and works as a Sr. Specialist on Microsoft Products, dealing with administration of full life cycle of large, complex, and high available Enterprise IT infrastructures. His certifications include:

:: MCSE Data Platform,
:: MCSE Private Cloud,
:: MCSE Messaging,
:: MCSE Communication,
:: MCSE Server Infrastructure,
:: MCITP Enterprise Messaging on Exchange 2010
:: Microsoft Specialist - Server Virtualization with Windows Server Hyper-V and System Center Specialist
:: MCITP Enterprise Administrator 2008
:: MCITP Windows Server 2008,
:: MCSA: SQL Server,
:: MCSA: Office 365 Certification
:: MCSA Windows Server 2008,
:: MCTS Microsoft Exchange Server 2010, Configuring
:: MCTS Windows Server® 2008 Network Infrastructure, Configuration
:: MCTS Windows Server® 2008 Active Directory, Configuration
:: MCTS Monitoring and Operating a Private Cloud with System Center 2012
:: MCP (Microsoft Certified Professional)
Enis Göktay

Leave a Reply

Your email address will not be published. Required fields are marked *

Post Navigation