I have discovered that we have a CA running on our GC server. Does anyone know if there are any default certificate dependencies ionvolved in a 2003 native forest? I can see that we're also doing IAS for wireless and VPN autentication and so the certs may be for a combination of that and other IIS certs but..... I'm afraid to move it to a new server. SOme of the certs appear to be issued to other AD integrated DC's. I can't remember if AD uses certs for anything or if it was all added after the fact. Second question: does a CA and or IAS need to run on a DC for any reason? Thanks to all!!!