Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
Migrating Certificate Services from 2003 to 2012 in 2003 forest ?

Answered Migrating Certificate Services from 2003 to 2012 in 2003 forest ?

All Replies

  • Monday, October 08, 2012 3:00 AM
    Moderator
     
     
    Sign In to Vote
    0
    Hi,

    Thanks for posting in Microsoft TechNet forums.

    I don't think Active Directory Certificate Services can be migrated directly from Server 2003 to Server 2012. Only Server 2008 and Server 2008 R2 can be migrated to Server 2012.

    Please check the article below:

    Active Directory Certificate Services Migration Guide

    http://technet.microsoft.com/en-us/library/ee126170(v=ws.10).aspx

    Have a nice day.

    Regards

    Kevin
     
  • Monday, October 08, 2012 4:15 AM
     
     
    Sign In to Vote
    0
    Thanks Kevin. However the same question applies - if we migrate from 2003 to 2008R2, and then to 2012, will the 2012 enterprise CA be supported (including web services) with a 2003 domain functional level?
    • Edited by Al Nelson Monday, October 08, 2012 4:26 AM
    •  
     
  • Monday, October 08, 2012 5:49 AM
    Moderator
     
     Answered
    Sign In to Vote
    0
    Hi,

    The Windows Server 2012 Enterprise CA can be supported in a domain which has 2003 domain functional level.

    However, a lot of new features of ADCS in Windows Server 2012 can only work while the domain functional level is 2012.

    What's New in AD CS?

    http://technet.microsoft.com/library/hh831373

    Regards

    Kevin
    • Marked As Answer by Al Nelson Thursday, October 11, 2012 12:38 AM
    •  
     
  • Monday, October 08, 2012 7:18 AM
     
     
    Sign In to Vote
    0
    Thankyou. I'm unable to find a matrix listing which features are available at different functional levels? 
     
  • Tuesday, October 09, 2012 2:36 AM
     
     Answered
    Sign In to Vote
    0
    Hi Al,

    As far as I know, features such as "Support for automatic renewal of certificates for non-domain joined computers" and "Enforcement of certificate renewal with same key" can only work with 2012 domain functional level.

    Niko
    • Marked As Answer by Al Nelson Thursday, October 11, 2012 12:38 AM
    •  
     
  • Wednesday, January 16, 2013 2:36 AM
     
     
    Sign In to Vote
    0

    What if you are not migrating from 2003 but rather replacing or moving your PKI, much like Ned Pyle's blog..

    http://blogs.technet.com/b/askds/archive/2010/08/23/3351443.aspx

    Could one then go from 2003 to 2012?  I imagine so?   And if yes, does a 2012 CA require 2012 AD schema extensions?

    Thanks.