• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 383
  • Last Modified:

2003 AD - lots of CAs but none are running can I delete?

Hello!


2003 functional domain.   there are like 10 CA servers listed in sites and services.  None of those servers exist any longer.  Can I just delete them all?  I found this:

http://support.microsoft.com/kb/889250

Can I just follow this, blow out all the CAs and have none?
0
BBQSTEAK
Asked:
BBQSTEAK
2 Solutions
 
AkhaterCommented:
if the CAs doesn't exist anymore and none of the certificates they have once issues are still in use then yes you can delete them wihtout issue
0
 
Kini pradeepCommented:
we had a similar problem, with our domain. when I took over the setup we had three certificate authorities setup by three of the past administrator, each CA as a standalone enterprise CA.

We deleted all of them and came across a problem, the CA is not necessary as long as the certificate is valid, the problem occurs when it expires and comes for a renewal. I would recommend the following option if possible.

1. Backup the Certificate authority & its private keys.
http://support.microsoft.com/kb/298138

2. If you use a virtualization in your environment ( Vmware/ hyper-v etc) convert the CA from Physical-virtual and shutdown the virtual machines. if need you can always start them again -- second option being the most easiest
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now