Solved

Certificates & Domain Controllers

Posted on 2004-08-06
1
240 Views
Last Modified: 2013-12-04
I'm currently trying to demote a DC that is running Certificate Services.

The CA has automatically issued certificates to all of our other domain controllers here at our primary office and at our remote sites, each of which have a DC.  The uses of the certs are listed as "Proves your identity to a remote computer" and "Ensures the identity of a remote computer."  In removing this CA from our network (and I will subsequently be recreating it on another DC), what effect would this have on those our domain (file replication, authentication, etc.)?

Additionally, what would I need to do to mitigate those potentially bad consequences?

The environment is a Windows 2000 Domain in Mixed Mode with an Enterprise CA.  Clients all W2k or XP.

Thanks!
0
Comment
Question by:titan6400
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 7

Accepted Solution

by:
msice earned 500 total points
ID: 11756000
Is the DC an Enterprise CA or a Enterprise Subordinate CA? If it is an Enterprise CA you should be able to save the certificates and reinstall on another server but you will then need to update the other subordinates to look at the new Enterprise CA as the trusted source of the new certs. You can have more than one Enterprise CA in a domain so you might want to add the new one before removing the old one, but I would do all of this in a test environment first if I were you.
This doc might help you:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/casetup.mspx 
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question