Link to home
Create AccountLog in
Avatar of jkeegan123
jkeegan123Flag for United States of America

asked on

Domain Controller D.R. - with Certificate Authority


We recently had an issue with a Windows 2008 r2 domain controller, and since we had domain controllers in other sites, rather than troubleshoot this issue further, the domain controller was decommissioned with the intention of promoting from surviving domain controller copies at other sites.

However, after the server was decommissioned with metadata cleanup and this servers roles seized to other domain controllers, it was discovered that this server was the certificate authority ca for the Domain. How can I readd Certificate Services to the domain without in validating existing certificates and services? We do a fair amount of file encrypting and use the encrypting file system.

When we went to add Certificate Services to the new domain controller that was promoted to replace the failed DC, Certificate Services asks if we want to " create a new private key or use an existing one"

What is the best way to proceed without invalidating issued certificates, and to prevent existing encrypted data from becoming un-decryptable?
Avatar of Peter Hutchison
Peter Hutchison
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account