?
Solved

Certification Authority and NPS

Posted on 2013-12-23
3
Medium Priority
?
593 Views
Last Modified: 2013-12-23
Installed Certification Authority and NPS on Windows 2008 R2 domain controller but did not configure NPS Certificate Template and Autoentrollment (never used the installation for RAS/IAS/RADIUS).

Must repurpose the Domain Controller for another use.  Uninstalled Certification Authority role before revoking certificate.

Should I reinstall the Certfication Authority role, select existing certificate and then revoke the certificate before demoting the server to a member server?
0
Comment
Question by:McGruber
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39736585
Not sure the meaning of "Must repurpose the Domain Controller for another use.  Uninstalled Certification Authority role before revoking certificate"

If you are not using certificate authority, its no need to reinstall CA role again.
You can just delete the certificate.
If you want to move domain controller role from server and retain certificate authority, now just demote DC role to member server as you already have uninstalled CA role and then reinstall CA role.
Its supported. Do not change server hostname, other wise already issued certificates will fail to check CRL (Certificate revocation list)
Also you cannot change CA common name which is stored in active directory

Let me know if any confusion

Mahesh
0
 

Author Comment

by:McGruber
ID: 39736656
The domain controller is being demoted to a member server and then reloaded.  It had CA and NPS installed.  I removed both roles but did not revoke the certificate before I removed the CA role.  The certificate was never used.  How do I cleanly remove the certificate before demoting the DC?
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39736676
If certificate is not required, just delete it from certificate personnel store on server.

Just launch MMC console on server and add local computer certificates console and from there just delete certificate

Mahesh
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question