How to automatically remove certificates from computers in AD

Posted on 2010-01-11
Medium Priority
Last Modified: 2012-05-08

I noticed last month that the domain controllers in our Windows 2000 domain have a certificate from an old server that is currently out of the domain; I can't even find its record in the DNS zone, and nobody knows about it. It's like a phantom.

After doing some research, I know that that certificate isn't used by any application, so I think I can remove it from every single machine within the domain, as it isn't used by Active Directory to authenticate users. Is this true?

I followed the steps detailed in the next article http://support.microsoft.com/?scid=kb;en-us;555151&x=2&y=14, but I got stuck on the Domain Controller Cleanup step, because I'd like to know if I can automatically remove (via GPO, for instance) any certificate issued by the old CA.

Thank you.
Question by: JorgeSimarroVillar
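One way to do the GPO-driven cleanup the question asks about, as an added example that is not code from the original thread or from the Microsoft KB it links to: a PowerShell script that can be assigned as a computer startup script (Computer Configuration > Windows Settings > Scripts > Startup) and removes every certificate in the LocalMachine stores whose Issuer is the decommissioned CA. Matching on Issuer also catches the CA's own self-signed root, since a root's Issuer equals its Subject. Assumptions not taken from the page: the CA subject name and log path are placeholders, and the target machines run PowerShell 2.0 or later (the .NET X509Store API is used rather than Remove-Item on the Cert: drive, which only supports deleting certificates from PowerShell 3.0 onward).

```powershell
<#
  Added example, not from the original thread or the linked KB.
  Removes every LocalMachine certificate issued by a decommissioned CA.
  Run with -DryRun first and review the log before deploying through GPO.
#>
param(
    [string]$OldCaSubject = 'CN=OldCorpCA, DC=corp, DC=example',  # assumed placeholder: the old CA's subject DN
    [string]$LogPath = "$env:SystemRoot\Temp\RemoveOldCA.log",     # assumed location, writable by SYSTEM
    [switch]$DryRun
)

# LocalMachine stores where an enterprise CA's certificates normally end up.
$storeNames = 'Root', 'CA', 'AuthRoot', 'My', 'TrustedPublisher', 'Trust'

function Write-Log {
    param([string]$Message)
    $line = '{0:s} {1}' -f (Get-Date), $Message
    Write-Output $line
    Add-Content -Path $LogPath -Value $line
}

function Open-MachineStore {
    param([string]$Name, [string]$Mode)
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($Name, 'LocalMachine')
    $store.Open($Mode)   # 'ReadOnly' or 'ReadWrite'; PowerShell converts the string to OpenFlags
    return $store
}

function Get-OldCaCertificates {
    param([string]$IssuerSubject)
    foreach ($name in $storeNames) {
        $store = Open-MachineStore -Name $name -Mode 'ReadOnly'
        try {
            foreach ($cert in $store.Certificates) {
                # -eq is case-insensitive; Issuer is the DN as .NET renders it ("CN=..., DC=...")
                if ($cert.Issuer -eq $IssuerSubject) {
                    New-Object PSObject -Property @{ Store = $name; Certificate = $cert }
                }
            }
        } finally {
            $store.Close()
        }
    }
}

function Remove-OldCaCertificates {
    param([string]$IssuerSubject, [switch]$DryRun)
    $found = @(Get-OldCaCertificates -IssuerSubject $IssuerSubject)
    Write-Log ("Found {0} certificate(s) issued by '{1}' on {2}" -f $found.Count, $IssuerSubject, $env:COMPUTERNAME)
    foreach ($hit in $found) {
        $c = $hit.Certificate
        $desc = "{0} store: subject='{1}' thumbprint={2} expires={3:yyyy-MM-dd}" -f $hit.Store, $c.Subject, $c.Thumbprint, $c.NotAfter
        if ($DryRun) {
            Write-Log "DryRun: would remove $desc"
            continue
        }
        $store = Open-MachineStore -Name $hit.Store -Mode 'ReadWrite'
        try {
            $store.Remove($c)
            Write-Log "Removed $desc"
        } catch {
            Write-Log "FAILED to remove $desc : $_"
        } finally {
            $store.Close()
        }
    }
    return $found.Count
}

# Usage: .\Remove-OldCaCerts.ps1 -DryRun            (report only)
#        .\Remove-OldCaCerts.ps1                    (remove, log to $LogPath)
Remove-OldCaCertificates -IssuerSubject $OldCaSubject -DryRun:$DryRun | Out-Null
```

Two caveats before deploying this. First, the local deletion only sticks once the CA's objects are gone from Active Directory: an enterprise CA's certificate is also published in the AD Certification Authorities, AIA and NTAuthCertificates containers, and Group Policy autoenrollment copies those back into the local Root, CA and NTAuth stores on every policy refresh, so the AD cleanup in the linked KB has to happen as well. Second, on a domain controller the script also removes the DC's own certificate in the My store if the old CA issued it; that certificate is what LDAPS and smart-card logon would use, so confirm, as the question does, that nothing depends on it (`certutil -store My` lists it) before running without -DryRun. If the replacement CA reuses the old CA's name, match on the old root's thumbprint instead of the Issuer string so the new CA's certificates are left alone.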

Accepted Solution

Awinish earned 1000 total points
ID: 26329229
The link below might help you.

Author Comment

ID: 26341638

I have some questions about that KB.

- The first one is that at the beginning of the script login.bat you can see the line copy %0\..\removeca.vbs c:\RemoveCA, but I think that may be wrong, as you can't see removeca.vbs again in that script.

- The second one: should I change the value of the constant PublicKeyInput to that of my CA?

- The third one: why are there so many commented-out lines in the vbs script?

- Finally, the last one: does this script only apply to W2003 servers?

Thank you.

Expert Comment

ID: 26360609
I'm sorry for the late reply... not keeping well...

Speaking truly, I haven't run this; I just searched and found a KB which might help you.

I think you should give it a try as it's mentioned in the article and see if it works.
