Hi All,
Recently I had to upgrade my old Windows 2003 server with FSMO roles to Windows 2008 R2 while retaining the hostname and IP address of the old server. I have transferred the FSMO roles to another Win2k8 R2 server. The old Windows 2003 server had the CA service installed. I reviewed the certificate stores and found that all the certificates had expired and there hadn't been any new pending request for a month, so I decided to remove Certificate Services from the old Windows 2003 server and not install any CS on the Win2k8 R2 server.
I used a combination of the following guides:
1. http://technet.microsoft.com/en-us/library/ee126170%28v=ws.10%29.aspx
2. http://support.microsoft.com/kb/555151
This morning, my boss informed me that he wants to use LDAP over SSL and wants me to set up ADCS in the forest.
Questions:
1. Can I install a new ADCS in my current forest on the same server, reusing the same hostname and IP? What are the steps to do this?
2. Before I removed Certificate Services from the old DC, I did a backup of the database and config. Is that of any use to me? Can I restore the data?
3. Is there any other way to enable LDAP over SSL?
4. Assuming that in the future I have to upgrade all the DCs from Win2k8 R2 to Win12, for the DCs with Certificate Services, do I have to go through the process of migration again (the steps to remove the CS are lengthy and troublesome)?
5. Can ADCS be installed on a member server running Win2k8 R2, as DC demotion cannot happen until the ADCS service is removed or migrated for that server?
Hope someone can advise me on this.
Thanks & Regards.