Solved

How to remove active directory certificate services sbs 2008 std ?

Posted on 2011-09-13
5
3,008 Views
Last Modified: 2013-12-02
Hello and thank you for taking the time out to read my question.


New server. SBS 2011 STD.
Before bringing the server to work. I connected it at home, created a new domain, named the server and updated the OS.

I brought the server to work today to install and setup.
First I had to change the IP to get the server on the network.
After that I ran DCPROMO.EXE to promote to DC and setup DNS.

I got a message

"Before you can install or remove Active Directory Domain Services, you must remove Active Directory Certificate services."

I open up Certificate Authority certsrv.exe and revoked all issued certificates. I see that they went to the revoked certificates folder, however this did not do the trick. I'm still being asked to  remove Active Directory Certificate services.

Please help, how do i  remove Active Directory Certificate services.

Many thanks in advance.

0
Comment
Question by:loshdog
  • 2
  • 2
5 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 36530531
You DON'T on SBS. it is already a DC as well. You do not run DCPROMO as this is done during the initial install of the OS.

-Cliff
0
 

Author Comment

by:loshdog
ID: 36530589
Hello Cliff

Thank you for your response.

Did i mess things up by setting it up at my house first?
Did DNS get configured or do I need to reconfigure?  I believe that I need to setup the reverse lookup zone and enter ISP dns servers in DNS fowarders?

Just want to make sure I'm on the right track here..

Thank you..
0
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 36530611
SBS uses root hints bu default, not ISP forwarders. You are welcome to set those manually, but SBS does not automate the process. Simply rerun the wizards if you need to make minor changes. Major changes may require a reinstall.

-Cliff
0
 
LVL 10

Accepted Solution

by:
abhijitwaikar earned 250 total points
ID: 36531781
Hi,

You said that you already connected new sbs2011 at home, created a new domain, named the server and updated the OS.
Means you have already promoted SBS 2011 in a new domain? Now question is what exactly you want to achive? Do you want seperate domain in single forest?

you can't run multiple SBS servers in same network.

As per your question "How to remove active directory certificate services sbs 2008 std?" I am considering that CA is installed on SBS2008.

So as per my understanding correct path is below:
1. SBS 2008 domain is already present
2. Install SBS 2011 on new box, join it to existing network.
3. Promote 2011 as DC.
4. Transfer FSMO roles from 2008 to 2011.  (I guess 2008 will not allow you to transfer but give a try other wise you nned to seize them).
5. Certificate Authority is that you really can't transfer the certs. But you can do a backup of them, then remove CA role from 2008 and demote it.
6. Now on  new server 2011,  install CA role on it and restore the Certs to it. (CA will need same server name to restore, If you really do not want CA then skip restore step. Just backup them from old server, remove CA role and demote 2008 thats it)

Regards,
Abhijitw.

0
 

Author Closing Comment

by:loshdog
ID: 36533511
Thank you very much.

This helped a lot..
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
exchange powershell question 5 34
Windows Server Folder Access Control 6 34
How to start a hyper-v in safe mode 5 65
Run Secure WMI query from CentOS 5 29
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Know what services you can and cannot, should and should not combine on your server.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question