Our company is endeavoring to encrypt our laptops with EFS. During this testing phase, I have been researching it like crazy, trying to learn what not to do and how to retrieve files when things go wrong. One of the things that I came across is backing up your Recovery Agent's Private Key.
While researching this via KB241201 (http://support.microsoft.com/kb/241201/EN-US/), I learned that when doing this over the domain, the key is located on *the first domain controller in the domain under the built-in Administrator profile*. My test domain properly had this certificate.
However, on my live domain, I cannot seem to locate it. Here is a quick history of our First Domain Controller: We were once an NT4 domain with an obsolete PDC. When we upgraded from NT4 to 2003, we upgraded the NT4 PDC and then added some newer DCs to the mix. After all was well, we transferred the role of the PDC emulator to one of the new DCs and disjoined the obsolete server.
So according to this, our First Domain Controller is no more. I have looked for this on our PDC and cannot find the certificate that the KB article refers to. It just isn't there.
Luckily, I have not deployed EFS to any live machines in the Live domain, but to only one test machine on the Live domain. So if there is a way of recreating a new Certificate, I would only lose one machine that I don't care about.
If anyone can point me in the right direction it would be greatly appreciated.
In advance, I thank all who provide help.