Migrating or Importing Certificates from one Domain Controller to another


  • I am in the process of migrating our Domain Controllers from 2003 Sp2 to 2008 R2. For the migration we need to add 2 2008 R2 Domain Controllers to the 2003 Domain.  Once the 2 Domain Controllers have been added, we have to demote the 2 2003 DCs and re-name the recently promoted 2008 DCs to the same name that the demoted 2003 ones had.

    Part of my question lies with how to migrate the certificates.  I've read about creating the Certificate inf file and using the certreq -new servername command to create the request file.This information I found at    Can I use the old 2008DC name when configuring this and then edit it later to match one of the 2003 names?  We are essentially joing 2 new 2008 DCs,  importing the existing certs off of the old 2003 DCs and then re-naming the 2003 DCs to the 2008 ones.  I know this is probably confusing but hard to explain

    I'm just not sure if I can configure the certificates with the current 2008 DC name and then change it later to the 2003 name.  


    Friday, November 01, 2013 2:39 PM


All replies