K B
asked on
Demote certificate authority and change IP address
Windows 2003 Domain Controller and enterprise certificate authority. I know not best practice. We would like to demote the domain controller and swap the IP address with a brand-new domain controller that we will build. The new DC will be a windows 2012R2.
The demoted domain controller will remain the sole certificate authority if this is possible (with a new IP).
Is this possible?
Thank you
The demoted domain controller will remain the sole certificate authority if this is possible (with a new IP).
Is this possible?
Thank you
ASKER
Dr. Dave thank you very much for your reply.
Couple questions for you if I may.. Where did you learn this information? I would love to be able to provide an article to my customer -- or did you just learn this while attempting to do the same thing?
We need to be able to retain the name of the domain controller in the unlikely event that it will need to be used (or promoted if we do demote it) again -- the documentation was sparse so we have to play it safe.
The CA migration procedures all say to reuse the original hostname.
Ideas?
Thanks again.
Couple questions for you if I may.. Where did you learn this information? I would love to be able to provide an article to my customer -- or did you just learn this while attempting to do the same thing?
We need to be able to retain the name of the domain controller in the unlikely event that it will need to be used (or promoted if we do demote it) again -- the documentation was sparse so we have to play it safe.
The CA migration procedures all say to reuse the original hostname.
Ideas?
Thanks again.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
After the CA role has been migrated, you can demote the DC,