Solved

Certificates & Domain Controllers

Posted on 2004-08-06
1
237 Views
Last Modified: 2013-12-04
I'm currently trying to demote a DC that is running Certificate Services.

The CA has automatically issued certificates to all of our other domain controllers here at our primary office and at our remote sites, each of which have a DC.  The uses of the certs are listed as "Proves your identity to a remote computer" and "Ensures the identity of a remote computer."  In removing this CA from our network (and I will subsequently be recreating it on another DC), what effect would this have on those our domain (file replication, authentication, etc.)?

Additionally, what would I need to do to mitigate those potentially bad consequences?

The environment is a Windows 2000 Domain in Mixed Mode with an Enterprise CA.  Clients all W2k or XP.

Thanks!
0
Comment
Question by:titan6400
1 Comment
 
LVL 7

Accepted Solution

by:
msice earned 500 total points
ID: 11756000
Is the DC an Enterprise CA or a Enterprise Subordinate CA? If it is an Enterprise CA you should be able to save the certificates and reinstall on another server but you will then need to update the other subordinates to look at the new Enterprise CA as the trusted source of the new certs. You can have more than one Enterprise CA in a domain so you might want to add the new one before removing the old one, but I would do all of this in a test environment first if I were you.
This doc might help you:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/casetup.mspx 
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Flux question 2 98
Mitigation for Win 10 user account bypass 8 93
deny local logon 12 78
UAC Controls - confused 9 75
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now