Microsoft - AD CS Migration: Migrating the Certification Authority

here is official Microsoft article that help us to backup and migrate CA in Microsoft domain

i take note of this article in case it would be useful for someone and for personal public notes.

Here they are majors arguments:


  • Backing up a CA database and private key 

  • Backing up CA registry settings 

  • Backing up CAPolicy.inf 

  • Removing the CA role service from the source server 

  • Removing the source server from the domain 

  • Joining the destination server to the domain 

  • Adding the CA role service to the destination server 

  • Restoring the CA database and configuration on the destination server 

  • Granting permissions on AIA and CDP containers 

  • Additional procedures for failover clustering (optional)



https://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx#BKMK_GrantPermsAIA