Pop Quiz: Migrating Certificate Services on Windows Server 2008 R2
Applies to the "Configuring Active Directory Certificate Services" objective of Exam 70-640: Windows Server 2008, Server Administrator.
Q: A company's server administrator needs to migrate certificate services from an aging Windows 2003 server to a newly installed Windows 2008 server. The administrator has added the Active Directory Certificate Services role on the new Windows 2008 server. What steps should the administrator take next? (Choose all that apply.)
- Export the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration registry key.
- Use the Certification Authority snap-in and choose restore.
- Specify the same location as the previous server for the certificate database.
- Configure the server as a standalone or enterprise server.
Answer and explanation is below.
Answer is B, C, D: The Certification Authority snap-in can be used to restore a certificates database to a new server after it has been copied from another server when the backup option was used. The certificates database must be restored to the same directory path location where it was located on the previous server. Configuring the new server as a standalone or enterprise server is required for the correct role in a certificates services deployment.
Quick Tip: A Windows Active Directory domain is required when configuring a server as an enterprise CA server. Exporting the registry key needs to be completed on the previous server and then imported on the new server.
Bonus Question: Which Windows 7 licensing technology MKS or MAK is the best choice for an organization with 25 desktops? (Tweet your answer with #pop640c and get a chance to win a rare MCPmag.com baseball cap! Deadline for entries is Monday, October 8.)
Answer to bonus question from last time: The Active Directory Certificate Services role needs to be installed to provide customizable services for creating and managing public key certificates used in software security systems employing public key technologies.
Andy Barkl, CCNP, CCDP, CISSP, MCT, MVP, MCDST, MCSE: Security, MCSA: Security, MCSA: Messaging A+, CTT+, i-Net+, Network+, Security+, Server+, CNA, has over 20 years of experience in the IT field. He's the owner of MCT & Associates LLC, a technical training and consulting firm in Phoenix, Arizona. He enjoys dividing his time between teaching in the classroom, writing from his office and consulting on Cisco and Windows deployments. He's also the online editor for MCPMag.com, TCPMag.com, CertCities.com, and a contributing author and editor for Sybex and Cisco Press. He hosts a multitude of exam preparation chats monthly on MCPmag.com and CertCities.com.