<div>
<div class="content wysiwyg-content">
Hello, <br />
<br />
We recently had an issue with a Windows 2008 r2 domain controller, and since we had domain controllers in other sites, rather than troubleshoot this issue further, the domain controller was decommissioned with the intention of promoting from surviving domain controller copies at other sites. <br />
<br />
However, after the server was decommissioned with metadata cleanup and this servers roles seized to other domain controllers, it was discovered that this server was the certificate authority ca for the Domain. How can I readd Certificate Services to the domain without in validating existing certificates and services? We do a fair amount of file encrypting and use the encrypting file system.<br />
<br />
When we went to add Certificate Services to the new domain controller that was promoted to replace the failed DC, Certificate Services asks if we want to &quot;&nbsp;create a new private key or use an existing one&quot; <br />
<br />
What is the best way to proceed without invalidating issued certificates, and to prevent existing encrypted data from becoming un-decryptable?
</div>
</div>


Hello, 

We recently had an issue with a Windows 2008 r2 domain controller, and since we had domain controllers in other sites, rather than troubleshoot this issue further, the domain controller was decommissioned with the intention of promoting from surviving domain controller copies at other sites. 

However, after the server was decommissioned with metadata cleanup and this servers roles seized to other domain controllers, it was discovered that this server was the certificate authority ca for the Domain. How can I readd Certificate Services to the domain without in validating existing certificates and services? We do a fair amount of file encrypting and use the encrypting file system.

When we went to add Certificate Services to the new domain controller that was promoted to replace the failed DC, Certificate Services asks if we want to " create a new private key or use an existing one" 

What is the best way to proceed without invalidating issued certificates, and to prevent existing encrypted data from becoming un-decryptable?

Domain Controller D.R. - with Certificate Authority

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Disaster Recovery is the planning for and creation of policies and procedures related to the resumption or continuation of an organization's functions following a catastrophic event. The term is most frequently used in relation to failure of networks, but DR preparations also include other business systems and personnel considerations.

Disaster Recovery

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.