2003 AD - lots of CAs but none are running can I delete?

Hello!


2003 functional domain.   there are like 10 CA servers listed in sites and services.  None of those servers exist any longer.  Can I just delete them all?  I found this:

http://support.microsoft.com/kb/889250

Can I just follow this, blow out all the CAs and have none?
LVL 1
BBQSTEAKAsked:
Who is Participating?
 
AkhaterConnect With a Mentor Commented:
if the CAs doesn't exist anymore and none of the certificates they have once issues are still in use then yes you can delete them wihtout issue
0
 
Kini pradeepConnect With a Mentor Principal Cloud and security consultantCommented:
we had a similar problem, with our domain. when I took over the setup we had three certificate authorities setup by three of the past administrator, each CA as a standalone enterprise CA.

We deleted all of them and came across a problem, the CA is not necessary as long as the certificate is valid, the problem occurs when it expires and comes for a renewal. I would recommend the following option if possible.

1. Backup the Certificate authority & its private keys.
http://support.microsoft.com/kb/298138

2. If you use a virtualization in your environment ( Vmware/ hyper-v etc) convert the CA from Physical-virtual and shutdown the virtual machines. if need you can always start them again -- second option being the most easiest
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.