• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1094
  • Last Modified:

Decommission domain controller/Certificate Server

I am in an environment that has a Certificate Authority installed on a 2000 domain controller. I am trying to decommission all of the old 2000 domain controllers. Can I DCpromo the 2000 domain controller without affecting its certificate authority role?

I was told that this would be ok, but I am go trying to dcpromo the domain controller and it is telling me that the certificate services need to be uninstalled.
1 Solution
I have no idea who told you that this would be OK. But indeed as you have seen: you need to uninstall the certificate services before you can demote a DC. There is no other way.
This means that you have to set up a new CA and hand out new certificates. Depending on what you use the certificates for this can be a trivial task or be very time consuming. It also depends on your PKI architecture. If this is a subordinate CA you can easily create a new one. If this is your root CA then you'll have to start from zero.

Accept PowerIT's answer and get cracking. There really is nothing more that can be said other than that.  Points to PowerIT!

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now