We have a CA here and it's our PDC as well. I know you can't export/import the CA unless you keep the same server name, but I was wondering: if I created and set a new CA, how would I ensure the clients get the new certificate other than rejoining them all?
We don't actually use the cert/CA for much but I would like the clients to get a new cert when they boot ideally.
Funny you mention this - I've had to move a CA before now.
All you need do is export the certs you want to keep from the old CA (not the root cert) - put a new CA on another server.
Have the new CA make a new root cert - then via Group Policies it (by default) will import root CAs, I think there's a setting somewhere that tells it where to import the master CA from - but right now I can't find it.
Be sure to decommission (remove) your old CA though once your new CA is working okay - or better still... just switch your old CA off (if you can).
Hope this helps - thanks for kicking FastHosts into line :)
Thanks, we are finally almost at 100% restored now.
We will be just switching off the old CA. When you made your new CA, I take it you had a different server name?
What happens to clients that have a cert issued from the old CA which you don't export?