Here are resources and comments about ADCS migration to 2012 R2:
https://windorks.wordpress.com/2014/08/12/migrating-a-microsoft-pki/
http://blog.datacenterfromhell.net/2014/12/migrating-two-tier-microsoft-pki-from.html
Is it possible to cohabit with an old PKI hierarchy and a new PKI in a same Forest?
“Yes you can have multiple root CAs and even multiple PKIs in a single Active Directory forest. Because of the way the objects are representing those CAs are named and stored, you couldn’t possibly experience a conflict unless you tried to give more than one CA the same CA name.”
Why?
USE CASE: the old 2008 R2 AD CS SHA1 hierarchy and the new SHA256 hierarchy running AD CS 2012 R2
Multiple PKI Hierarchies in the Same Environment:
http://www.postseek.com/meta/fe2eee95f5a00bd80ab13f9627e2813b
Step by Step AD CS 2012 R2 two-tier PKI build:
http://kazmierczak.eu/itblog/2012/08/22/the-dos-and-donts-of-pki-microsoft-adcs/
http://www.derekseaman.com/2014/01/windows-server-2012-r2-two-tier-pki-ca-pt-1.html
http://www.derekseaman.com/2014/01/windows-server-2012-r2-two-tier-pki-ca-pt-2.html
http://www.derekseaman.com/2014/01/windows-server-2012-r2-two-tier-pki-ca-pt-3.html
http://www.flexecom.com/deploying-enterprise-pki-on-windows-server-2012-r2/
http://hanygeorge.com/blog/2-tier-pki-on-windows-server-2012step-by-step-guide/
Here are list of other web resources about AD CS:
2013: Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy : http://technet.microsoft.com/en-us/library/hh831348.aspx
AD CS 2008 R2 Installation Getting Started Guide: http://technet.microsoft.com/en-us/library/cc753802(WS.10).aspx
Downloadable, printable job aids which include the most commonly used commands and procedures for administering Server Core installations are available at http://go.microsoft.com/fwlink/?LinkId=151984.
Steps for installing a server role on a Server Core installation of Windows Server 2008 R2:
Unlike Windows Server 2008, Server Core installations of Windows Server 2008 R2 use Dism.exe to install and uninstall most server roles. For more information about Dism.exe, see http://technet.microsoft.com/en-us/library/dd772580(WS.10).aspx.
Installing Windows Features on a server running a Server Core installation of Windows Server 2008 R2: http://technet.microsoft.com/en-us/library/ee441253(WS.10).aspx
Installing AD CS on a Server Core installation of Windows Server 2008 R2: By using PowerShell script: Setup Certification Authority with PowerShell
How to request and install a certificate on a server core: http://social.technet.microsoft.com/Forums/en-US/winservercore/thread/97d388e8-eb88-4744-b47a-938065849deb/
AD CS and PKI Step-by-Steps, Labs, Walkthroughs, HowTo, and Examples:
http://www.microsoft.com/download/en/details.aspx?id=22838
AD CS 2008 step by step: http://technet.microsoft.com/en-us/library/cc772393(WS.10).aspx
http://social.technet.microsoft.com/wiki/contents/articles/4797.aspx
AD PKI 2003 step by step: http://technet.microsoft.com/en-us/library/cc772670(WS.10).aspx
How to configure Certificate based authentication for OWA: http://msexchangeteam.com/archive/2008/10/07/449942.aspx
=> Example Step by Step: http://www.corelan.be/index.php/2008/07/14/windows-2008-pki-certificate-authority-ad-cs-basics/
Checklist: Configuring certificate Auto-Enrollment:
=> http://technet.microsoft.com/en-us/library/cc773385(WS.10).aspx
Checklist: Decommissioning a certification authority
=> http://technet.microsoft.com/en-us/library/cc786938(WS.10).aspx
Troubleshooting: http://technet.microsoft.com/en-us/library/cc758774(WS.10).aspx
ADCS Certificate Templates, how to, best practices and troubleshooting:
http://www.microsoft.com/download/en/details.aspx?id=7429
http://technet.microsoft.com/en-us/library/cc758496(WS.10).aspx
Certificate Services How To… http://technet.microsoft.com/en-us/library/cc737760(WS.10).aspx
French technet articles: http://technet.microsoft.com/fr-fr/library/cc770357(WS.10).aspx
Checklist: Creating a certification hierarchy with an offline root certification authority:
=> http://technet.microsoft.com/en-us/library/cc737834(WS.10).aspx (superseded by: http://social.technet.microsoft.com/wiki/contents/articles/2900.aspx )
ADCS and firewall ports: http://blogs.technet.com/b/pki/archive/2010/06/25/firewall-roles-for-active-directory-certificate-services.aspx
ADCS: Clean CA db
http://blogs.technet.com/b/askds/archive/2010/08/31/the-case-of-the-enormous-ca-database.aspx
ADCS: New Hotfix to fix the CA private key missing from system states backups:
http://support.microsoft.com/kb/2603469
AD CS – Permissions and delegation model:
http://technet.microsoft.com/en-us/library/cc732590.aspx
https://social.technet.microsoft.com/wiki/contents/articles/10942.ad-cs-security-guidance.aspx
AD CS tool to install: PKI smtp exit module
ADCS NDES/SCEP: http://www.microsoft.com/download/en/details.aspx?id=1607
http://www.windowsitpro.com/article/security/setting-up-network-device-enrollment-service-
ADCS CEP/CES: http://www.microsoft.com/download/en/details.aspx?id=1746
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2011/SIM329
AD CS Online Responder Services (OCSP) in a Network: http://www.microsoft.com/download/en/details.aspx?id=17877
http://technet.microsoft.com/en-us/library/cc753468(WS.10).aspx
ADCS deploying cross-forest certificate enrollment:
http://www.microsoft.com/download/en/details.aspx?id=17877
http://technet.microsoft.com/en-us/library/ff955845(WS.10).aspx
ADCS operations tasks: http://technet.microsoft.com/en-us/library/cc771702(WS.10).aspx
ADCS and Powershell: http://blog.powershell.no/2011/01/09/working-with-active-directory-certificate-services-from-windows-powershell/
Codeplex: PKI Powershell module: http://pspki.codeplex.com/
