Re: Move the CA to a server with the same name or different name?

"jprstokato" <> wrote in message
news:97FC06C0-6FB5-4553-B297-...
> In Technet article
> http://technet.microsoft.com/en-us/l.../cc742388.aspx
> on performing a CA migration, in the section 'Option A: Migrate the CA to
> a
> New Host', the article states that "the computer name of the target
> computer
> can differ from the computer name of the source computer, but the CA name
> must stay the same."
>
> In KB 298138 http://support.microsoft.com/default.aspx/kb/298138 on the
> same
> subject of moving a certification authority to another server, it states
> "The
> new server must have the same computer name as the old server"
>
> Both articles are describing the same process. Only difference is that the
> Technet article applies to both Windows Server 2008 (and 2003) Domain
> controllers, and the KB applies to any Windows Server 2000 /2003.
>
> I'm performing Option B: 'Keep the CA on the Original Host and Move the
> Domain Controller' of the technet article, and using Option A as part of a
> rollback plan, if Option B fails to restore the CA to the same server.
>
> Can you tell me if I should therefore can follow the Technet article, and
> restore the CA to a another 32 bit Windows 2003 server in our domain (i.e.
> with a different name).
>
> Many thanks, JPSR.

If you change the name of your CA you break the trust and therefore you
break your CA. You HAVE to keep the CA the same name forever.

This NewsGroup is related to Active Directory, for future questions I would
suggest you post them in the server.security NewsGroup. I have included
them in on this response.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

Many thanks for your reply, and points noted..
(Understood that the The CA name must be the same)
I still need to know whether the name of the 'server' that the CA is moved
to can / should be changed..
Regards, JPSR.

"Paul Bergson [MVP-DS]" wrote:

> "jprstokato" <> wrote in message
> news:97FC06C0-6FB5-4553-B297-...
> > In Technet article
> > http://technet.microsoft.com/en-us/l.../cc742388.aspx
> > on performing a CA migration, in the section 'Option A: Migrate the CA to
> > a
> > New Host', the article states that "the computer name of the target
> > computer
> > can differ from the computer name of the source computer, but the CA name
> > must stay the same."
> >
> > In KB 298138 http://support.microsoft.com/default.aspx/kb/298138 on the
> > same
> > subject of moving a certification authority to another server, it states
> > "The
> > new server must have the same computer name as the old server"
> >
> > Both articles are describing the same process. Only difference is that the
> > Technet article applies to both Windows Server 2008 (and 2003) Domain
> > controllers, and the KB applies to any Windows Server 2000 /2003.
> >
> > I'm performing Option B: 'Keep the CA on the Original Host and Move the
> > Domain Controller' of the technet article, and using Option A as part of a
> > rollback plan, if Option B fails to restore the CA to the same server.
> >
> > Can you tell me if I should therefore can follow the Technet article, and
> > restore the CA to a another 32 bit Windows 2003 server in our domain (i.e.
> > with a different name).
> >
> > Many thanks, JPSR.
>
> If you change the name of your CA you break the trust and therefore you
> break your CA. You HAVE to keep the CA the same name forever.
>
> This NewsGroup is related to Active Directory, for future questions I would
> suggest you post them in the server.security NewsGroup. I have included
> them in on this response.
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>

Already answered. When I speak of name I'm not talking about the dns name,
I'm talking about your machine name.

"If you change the name of your CA you break the trust and therefore you
break your CA. You HAVE to keep the CA the same name forever."


--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"jprstokato" <> wrote in message
news:FBC57A59-841E-43CE-9D2F-...
> Many thanks for your reply, and points noted..
> (Understood that the The CA name must be the same)
> I still need to know whether the name of the 'server' that the CA is moved
> to can / should be changed..
> Regards, JPSR.
>
> "Paul Bergson [MVP-DS]" wrote:
>
>> "jprstokato" <> wrote in message
>> news:97FC06C0-6FB5-4553-B297-...
>> > In Technet article
>> > http://technet.microsoft.com/en-us/l.../cc742388.aspx
>> > on performing a CA migration, in the section 'Option A: Migrate the CA
>> > to
>> > a
>> > New Host', the article states that "the computer name of the target
>> > computer
>> > can differ from the computer name of the source computer, but the CA
>> > name
>> > must stay the same."
>> >
>> > In KB 298138 http://support.microsoft.com/default.aspx/kb/298138 on the
>> > same
>> > subject of moving a certification authority to another server, it
>> > states
>> > "The
>> > new server must have the same computer name as the old server"
>> >
>> > Both articles are describing the same process. Only difference is that
>> > the
>> > Technet article applies to both Windows Server 2008 (and 2003) Domain
>> > controllers, and the KB applies to any Windows Server 2000 /2003.
>> >
>> > I'm performing Option B: 'Keep the CA on the Original Host and Move the
>> > Domain Controller' of the technet article, and using Option A as part
>> > of a
>> > rollback plan, if Option B fails to restore the CA to the same server.
>> >
>> > Can you tell me if I should therefore can follow the Technet article,
>> > and
>> > restore the CA to a another 32 bit Windows 2003 server in our domain
>> > (i.e.
>> > with a different name).
>> >
>> > Many thanks, JPSR.
>>
>> If you change the name of your CA you break the trust and therefore you
>> break your CA. You HAVE to keep the CA the same name forever.
>>
>> This NewsGroup is related to Active Directory, for future questions I
>> would
>> suggest you post them in the server.security NewsGroup. I have included
>> them in on this response.
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup This
>> posting is provided "AS IS" with no warranties, and confers no rights.
>>
>>
>>