?
Solved

Need to decomish a Windows 2003 DC that has an Enterprise Root CA

Posted on 2014-03-31
2
Medium Priority
?
489 Views
Last Modified: 2014-03-31
We need to remove an Enterprise Root CA from a Windows 2003 DC so we can replace it with a Windows 2012 DC. We curently have two other Windows 2012 DC's on our domain one of which has the FSMO.
I understand it is best not to install the CA on a DC. so I need to know the steps to complete this process.
0
Comment
Question by:Slingshot51
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Accepted Solution

by:
aa-denver earned 2000 total points
ID: 39966965
Here is a comprehensive link.  

http://technet.microsoft.com/en-us/library/ee126170(v=ws.10).aspx

It is a good thing you asked.  Many people just demote a DC with a CA and then remove it from AD, leaving a mess behind.  The CA has probably been issuing server certs that will break if you do this.

Basically you have to export the CA database and import it to another server that has the same name.   Follow the guidance in this article and you should be OK.

I would encourage you to spin up a test VM environment, Microsoft Hyper-V should be OK.  You can P2V the existing DC CA to that environment and then isolate the test server from the network before turning on the VM copy of the DC.  I always recommend going through a virtual trial run before doing something like this.
0
 

Author Closing Comment

by:Slingshot51
ID: 39967207
Thank you for the information.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question