2003 AD - lots of CAs but none are running can I delete?

Posted on 2011-03-24
Last Modified: 2012-05-11

2003 functional domain. There are like 10 CA servers listed in Sites and Services. None of those servers exist any longer. Can I just delete them all? I found this:


Can I just follow this, blow out all the CAs and have none?
Question by:BBQSTEAK

Accepted Solution

Akhater earned 1600 total points
ID: 35211309
If the CAs don't exist anymore and none of the certificates they once issued are still in use, then yes, you can delete them without issue.

Assisted Solution

by:Kini pradeep
Kini pradeep earned 400 total points
ID: 35213811
We had a similar problem with our domain. When I took over the setup, we had three certificate authorities set up by three of the past administrators, each CA as a standalone enterprise CA.

We deleted all of them and came across a problem: the CA is not necessary as long as the certificate is valid; the problem occurs when it expires and comes up for renewal. I would recommend the following options if possible.

1. Back up the certificate authority and its private keys.

2. If you use virtualization in your environment (VMware, Hyper-V, etc.), convert the CA from physical to virtual and shut down the virtual machines. If need be, you can always start them again -- the second option being the easiest.
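
Both answers turn on whether certificates issued by the old CAs are still in use and when they will expire and need renewal. The following is an added example, not part of the original thread: a PowerShell check, run on each server or workstation of interest, that lists unexpired certificates in the local stores whose issuer matches one of the retired CAs. The CA names and the function name are placeholders chosen for illustration.

```powershell
# Added example. The names below are constructed placeholders for the retired
# CAs' common names as they appear in a certificate's Issuer field.
$RetiredCaNames = @('EXAMPLE-OLD-CA-01', 'EXAMPLE-OLD-CA-02')

function Find-CertFromRetiredCa {
    param(
        [string[]]$CaNames,
        [string[]]$StorePaths = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'),
        [datetime]$Now = (Get-Date)
    )
    foreach ($path in $StorePaths) {
        if (-not (Test-Path -Path $path)) { continue }
        foreach ($cert in Get-ChildItem -Path $path) {
            # Already-expired certificates cannot be in use; skip them.
            if ($cert.NotAfter -le $Now) { continue }
            foreach ($ca in $CaNames) {
                # Match the CA name as a whole CN component of the issuer DN.
                $pattern = 'CN=' + [regex]::Escape($ca) + '(,|$)'
                if ($cert.Issuer -match $pattern) {
                    New-Object PSObject -Property @{
                        Store      = $path
                        Subject    = $cert.Subject
                        Issuer     = $cert.Issuer
                        Thumbprint = $cert.Thumbprint
                        NotAfter   = $cert.NotAfter
                        # Days until the renewal problem described above appears.
                        DaysLeft   = ($cert.NotAfter - $Now).Days
                    }
                }
            }
        }
    }
}

$hits = @(Find-CertFromRetiredCa -CaNames $RetiredCaNames)
if ($hits.Count -eq 0) {
    'No unexpired certificates from the listed CAs in the checked stores.'
} else {
    # Soonest expiry first: these certificates will need a replacement issuer.
    $hits | Sort-Object DaysLeft |
        Format-Table Store, Subject, NotAfter, DaysLeft, Thumbprint -AutoSize
}
```

An empty result covers only the stores on the machine where it was run; certificates held on other hosts, devices or smart cards need their own check.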
