Windows Server 2008 và sau đó tìm thấy bạn cần phải thêm một bộ điều khiển miền Windows Server 2003 đến tên miền của bạn, bạn có một vấn đề nghiêm trọng. Tương tự như vậy, nếu bạn đã tăng rừng tổ chức của bạn mức chức năng Windows Server 2008 | FIGURE 7-9 Backing up the CA. You can restore a private key and CA certificate by using the CA console or the certutil command. To restore using the CA console right-click the CA select All Tasks and then select Restore CA. This starts the Certification Authority Restore Wizard. You can choose to restore the private key and CA certificate and the certificate database and database log. During the restoration process you are asked for the password that was supplied when the original backup of the private key and CA certificate was taken. AD CS is stopped while you are performing the restoration process and restarts automatically after the restoration is successful. If the restoration process is unsuccessful you must restart AD CS manually. To restore AD CS from the command line issue the certutil -restore BackupDirectory command. If you are restoring Certificate Services from scratch on a new computer with the same name as the original CA first import the CA certificate and private key to the local machine store and verify that is imported to the Winddir folder. Add the AD CS role selecting Use Existing Private Key and the original CA s certificate. MORE INFO MORE ON CA BACKUP AND RECOVERY For more on archiving encryption keys consult Chapter 14 Planning and Implementing Disaster Recovery in Windows Server 2008 PKI and Security by Brian Komar Microsoft Press 2008 . 360 CHAPTER 7 Active Directory Certificate Services EXAM TIP Remember which steps you must perform before you take a standalone root CA offline. PRACTICE Installing a CA and Assigning Administrative Roles In this practice you install an enterprise root CA in the domain and then configure a key recovery agent. EXERCISE 1 Install an Enterprise Root CA In this exercise you install Active Directory Certificate Services on server Glasgow. Glasgow then functions as an enterprise root CA. 1. Log on to server Glasgow using the Kim_Akers user account. 2. Open the Server Manager .