Solved

Need to decomish a Windows 2003 DC that has an Enterprise Root CA

Posted on 2014-03-31
2
477 Views
Last Modified: 2014-03-31
We need to remove an Enterprise Root CA from a Windows 2003 DC so we can replace it with a Windows 2012 DC. We curently have two other Windows 2012 DC's on our domain one of which has the FSMO.
I understand it is best not to install the CA on a DC. so I need to know the steps to complete this process.
0
Comment
Question by:Slingshot51
2 Comments
 
LVL 4

Accepted Solution

by:
aa-denver earned 500 total points
ID: 39966965
Here is a comprehensive link.  

http://technet.microsoft.com/en-us/library/ee126170(v=ws.10).aspx

It is a good thing you asked.  Many people just demote a DC with a CA and then remove it from AD, leaving a mess behind.  The CA has probably been issuing server certs that will break if you do this.

Basically you have to export the CA database and import it to another server that has the same name.   Follow the guidance in this article and you should be OK.

I would encourage you to spin up a test VM environment, Microsoft Hyper-V should be OK.  You can P2V the existing DC CA to that environment and then isolate the test server from the network before turning on the VM copy of the DC.  I always recommend going through a virtual trial run before doing something like this.
0
 

Author Closing Comment

by:Slingshot51
ID: 39967207
Thank you for the information.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question