This time I want to migrate the DC and CA, originally installed on a GUI server, to Server Core:
First, install a second DC on Server Core:
Install the second domain controller:
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -InstallDns -Credential (Get-Credential nip\gazh) -DomainName "nip.pub"
Transfer the FSMO roles:
Get-ADForest -Identity nip.pub
Get-ADDomain -Identity nip.pub
Get-ADDomainController -Identity ni-dc01
Move-ADDirectoryServerOperationMasterRole -OperationMasterRole PDCEmulator,RIDMaster,InfrastructureMaster -Identity ni-dc01
Move-ADDirectoryServerOperationMasterRole -OperationMasterRole SchemaMaster,DomainNamingMaster -Identity ni-dc01
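A check that all five FSMO roles really landed on ni-dc01 after the two Move commands above, as an added example that is not part of the original post. The function name Test-FsmoHolder and the host old-dc01 are hypothetical; the sample objects are constructed so the script runs without a domain, and on a live system you would pass (Get-ADForest -Identity nip.pub) and (Get-ADDomain -Identity nip.pub) instead.

```powershell
# Added example (not from the original post): verify FSMO role holders.
function Test-FsmoHolder {
    param(
        [Parameter(Mandatory)] $Forest,             # shaped like Get-ADForest output
        [Parameter(Mandatory)] $Domain,             # shaped like Get-ADDomain output
        [Parameter(Mandatory)] [string] $ExpectedDc # short host name of the new DC
    )
    # The two forest-wide roles come from the forest object,
    # the three domain-wide roles from the domain object.
    $holders = [ordered]@{
        SchemaMaster         = $Forest.SchemaMaster
        DomainNamingMaster   = $Forest.DomainNamingMaster
        PDCEmulator          = $Domain.PDCEmulator
        RIDMaster            = $Domain.RIDMaster
        InfrastructureMaster = $Domain.InfrastructureMaster
    }
    foreach ($role in $holders.Keys) {
        $holder = [string]$holders[$role]
        # Holders are reported as FQDNs; compare only the host label.
        $hostLabel = ($holder -split '\.')[0]
        [pscustomobject]@{
            Role   = $role
            Holder = $holder
            Moved  = ($hostLabel -ieq $ExpectedDc)
        }
    }
}

# Constructed sample: state after only the first Move command has completed.
# old-dc01 is a hypothetical name for the original GUI domain controller.
$forest = [pscustomobject]@{
    SchemaMaster       = 'old-dc01.nip.pub'
    DomainNamingMaster = 'old-dc01.nip.pub'
}
$domain = [pscustomobject]@{
    PDCEmulator          = 'ni-dc01.nip.pub'
    RIDMaster            = 'ni-dc01.nip.pub'
    InfrastructureMaster = 'ni-dc01.nip.pub'
}

$results = @(Test-FsmoHolder -Forest $forest -Domain $domain -ExpectedDc 'ni-dc01')
$results | Format-Table -AutoSize

$pending = @($results | Where-Object { -not $_.Moved })
if ($pending.Count -gt 0) {
    Write-Warning ("Roles not yet on ni-dc01: " + ($pending.Role -join ', '))
}
```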
1. Roles (display name, feature name):
Active Directory Certificate Services      AD-Certificate
Certification Authority                    ADCS-Cert-Authority
Certificate Enrollment Policy Web Service  ADCS-Enroll-Web-Pol
Certificate Enrollment Web Service         ADCS-Enroll-Web-Svc
Certification Authority Web Enrollment     ADCS-Web-Enrollment
Network Device Enrollment Service          ADCS-Device-Enrollment
Online Responder                           ADCS-Online-Cert
2. Install the CA:
Install-WindowsFeature AD-Certificate,ADCS-Cert-Authority,ADCS-Web-Enrollment
Install the new enterprise root CA from the backed-up CA:
Install-AdcsCertificationAuthority -CAType EnterpriseRootCA -CertFile C:\CABak\NIP-S-CA.p12 -CertFilePassword (Read-Host "Set user password" -AsSecureString)
Configure Certification Authority Web Enrollment:
Install-AdcsWebEnrollment
Import the registry configuration:
reg import c:\CABak\reg-bak1.reg
Opening the CA's certificate templates fails with the error: Template information could not be loaded. Element not found.
Open ADSI Edit: