Solved

How to remove active directory certificate services sbs 2008 std ?

Posted on 2011-09-13
5
2,961 Views
Last Modified: 2013-12-02
Hello and thank you for taking the time out to read my question.


New server. SBS 2011 STD.
Before bringing the server to work. I connected it at home, created a new domain, named the server and updated the OS.

I brought the server to work today to install and setup.
First I had to change the IP to get the server on the network.
After that I ran DCPROMO.EXE to promote to DC and setup DNS.

I got a message

"Before you can install or remove Active Directory Domain Services, you must remove Active Directory Certificate services."

I open up Certificate Authority certsrv.exe and revoked all issued certificates. I see that they went to the revoked certificates folder, however this did not do the trick. I'm still being asked to  remove Active Directory Certificate services.

Please help, how do i  remove Active Directory Certificate services.

Many thanks in advance.

0
Comment
Question by:loshdog
  • 2
  • 2
5 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 36530531
You DON'T on SBS. it is already a DC as well. You do not run DCPROMO as this is done during the initial install of the OS.

-Cliff
0
 

Author Comment

by:loshdog
ID: 36530589
Hello Cliff

Thank you for your response.

Did i mess things up by setting it up at my house first?
Did DNS get configured or do I need to reconfigure?  I believe that I need to setup the reverse lookup zone and enter ISP dns servers in DNS fowarders?

Just want to make sure I'm on the right track here..

Thank you..
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 36530611
SBS uses root hints bu default, not ISP forwarders. You are welcome to set those manually, but SBS does not automate the process. Simply rerun the wizards if you need to make minor changes. Major changes may require a reinstall.

-Cliff
0
 
LVL 10

Accepted Solution

by:
abhijitwaikar earned 250 total points
ID: 36531781
Hi,

You said that you already connected new sbs2011 at home, created a new domain, named the server and updated the OS.
Means you have already promoted SBS 2011 in a new domain? Now question is what exactly you want to achive? Do you want seperate domain in single forest?

you can't run multiple SBS servers in same network.

As per your question "How to remove active directory certificate services sbs 2008 std?" I am considering that CA is installed on SBS2008.

So as per my understanding correct path is below:
1. SBS 2008 domain is already present
2. Install SBS 2011 on new box, join it to existing network.
3. Promote 2011 as DC.
4. Transfer FSMO roles from 2008 to 2011.  (I guess 2008 will not allow you to transfer but give a try other wise you nned to seize them).
5. Certificate Authority is that you really can't transfer the certs. But you can do a backup of them, then remove CA role from 2008 and demote it.
6. Now on  new server 2011,  install CA role on it and restore the Certs to it. (CA will need same server name to restore, If you really do not want CA then skip restore step. Just backup them from old server, remove CA role and demote 2008 thats it)

Regards,
Abhijitw.

0
 

Author Closing Comment

by:loshdog
ID: 36533511
Thank you very much.

This helped a lot..
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now