Solved

How to remove active directory certificate services sbs 2008 std ?

Posted on 2011-09-13
5
3,034 Views
Last Modified: 2013-12-02
Hello and thank you for taking the time out to read my question.


New server. SBS 2011 STD.
Before bringing the server to work. I connected it at home, created a new domain, named the server and updated the OS.

I brought the server to work today to install and setup.
First I had to change the IP to get the server on the network.
After that I ran DCPROMO.EXE to promote to DC and setup DNS.

I got a message

"Before you can install or remove Active Directory Domain Services, you must remove Active Directory Certificate services."

I open up Certificate Authority certsrv.exe and revoked all issued certificates. I see that they went to the revoked certificates folder, however this did not do the trick. I'm still being asked to  remove Active Directory Certificate services.

Please help, how do i  remove Active Directory Certificate services.

Many thanks in advance.

0
Comment
Question by:loshdog
  • 2
  • 2
5 Comments
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 36530531
You DON'T on SBS. it is already a DC as well. You do not run DCPROMO as this is done during the initial install of the OS.

-Cliff
0
 

Author Comment

by:loshdog
ID: 36530589
Hello Cliff

Thank you for your response.

Did i mess things up by setting it up at my house first?
Did DNS get configured or do I need to reconfigure?  I believe that I need to setup the reverse lookup zone and enter ISP dns servers in DNS fowarders?

Just want to make sure I'm on the right track here..

Thank you..
0
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 36530611
SBS uses root hints bu default, not ISP forwarders. You are welcome to set those manually, but SBS does not automate the process. Simply rerun the wizards if you need to make minor changes. Major changes may require a reinstall.

-Cliff
0
 
LVL 10

Accepted Solution

by:
abhijitwaikar earned 250 total points
ID: 36531781
Hi,

You said that you already connected new sbs2011 at home, created a new domain, named the server and updated the OS.
Means you have already promoted SBS 2011 in a new domain? Now question is what exactly you want to achive? Do you want seperate domain in single forest?

you can't run multiple SBS servers in same network.

As per your question "How to remove active directory certificate services sbs 2008 std?" I am considering that CA is installed on SBS2008.

So as per my understanding correct path is below:
1. SBS 2008 domain is already present
2. Install SBS 2011 on new box, join it to existing network.
3. Promote 2011 as DC.
4. Transfer FSMO roles from 2008 to 2011.  (I guess 2008 will not allow you to transfer but give a try other wise you nned to seize them).
5. Certificate Authority is that you really can't transfer the certs. But you can do a backup of them, then remove CA role from 2008 and demote it.
6. Now on  new server 2011,  install CA role on it and restore the Certs to it. (CA will need same server name to restore, If you really do not want CA then skip restore step. Just backup them from old server, remove CA role and demote 2008 thats it)

Regards,
Abhijitw.

0
 

Author Closing Comment

by:loshdog
ID: 36533511
Thank you very much.

This helped a lot..
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question