Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Certification Authority and NPS

Posted on 2013-12-23
3
Medium Priority
?
601 Views
Last Modified: 2013-12-23
Installed Certification Authority and NPS on Windows 2008 R2 domain controller but did not configure NPS Certificate Template and Autoentrollment (never used the installation for RAS/IAS/RADIUS).

Must repurpose the Domain Controller for another use.  Uninstalled Certification Authority role before revoking certificate.

Should I reinstall the Certfication Authority role, select existing certificate and then revoke the certificate before demoting the server to a member server?
0
Comment
Question by:McGruber
  • 2
3 Comments
 
LVL 38

Expert Comment

by:Mahesh
ID: 39736585
Not sure the meaning of "Must repurpose the Domain Controller for another use.  Uninstalled Certification Authority role before revoking certificate"

If you are not using certificate authority, its no need to reinstall CA role again.
You can just delete the certificate.
If you want to move domain controller role from server and retain certificate authority, now just demote DC role to member server as you already have uninstalled CA role and then reinstall CA role.
Its supported. Do not change server hostname, other wise already issued certificates will fail to check CRL (Certificate revocation list)
Also you cannot change CA common name which is stored in active directory

Let me know if any confusion

Mahesh
0
 

Author Comment

by:McGruber
ID: 39736656
The domain controller is being demoted to a member server and then reloaded.  It had CA and NPS installed.  I removed both roles but did not revoke the certificate before I removed the CA role.  The certificate was never used.  How do I cleanly remove the certificate before demoting the DC?
0
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39736676
If certificate is not required, just delete it from certificate personnel store on server.

Just launch MMC console on server and add local computer certificates console and from there just delete certificate

Mahesh
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question