Solved

Need to decomish a Windows 2003 DC that has an Enterprise Root CA

Posted on 2014-03-31
2
467 Views
Last Modified: 2014-03-31
We need to remove an Enterprise Root CA from a Windows 2003 DC so we can replace it with a Windows 2012 DC. We curently have two other Windows 2012 DC's on our domain one of which has the FSMO.
I understand it is best not to install the CA on a DC. so I need to know the steps to complete this process.
0
Comment
Question by:Slingshot51
2 Comments
 
LVL 4

Accepted Solution

by:
aa-denver earned 500 total points
ID: 39966965
Here is a comprehensive link.  

http://technet.microsoft.com/en-us/library/ee126170(v=ws.10).aspx

It is a good thing you asked.  Many people just demote a DC with a CA and then remove it from AD, leaving a mess behind.  The CA has probably been issuing server certs that will break if you do this.

Basically you have to export the CA database and import it to another server that has the same name.   Follow the guidance in this article and you should be OK.

I would encourage you to spin up a test VM environment, Microsoft Hyper-V should be OK.  You can P2V the existing DC CA to that environment and then isolate the test server from the network before turning on the VM copy of the DC.  I always recommend going through a virtual trial run before doing something like this.
0
 

Author Closing Comment

by:Slingshot51
ID: 39967207
Thank you for the information.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now