Donney Smith
asked on
Help with Certificate Authority
I deleted a VM and its name from Active Directory. Turns out it was not just a Helpdesk storage server; it was the Certificate Authority. I restored the VM, but it cannot connect to the domain due to it being removed from the domain. I can get in by disabling the NIC and access the CA. So my question is:
1. Can I just build a new server with the same name and export the data over?
2. Do I need to remove all the old info from AD even if I keep the same name?
3. What are the best steps to follow?
Thanks in advance for your help.
How about if you manually create a computer account and rejoin your CA server to the domain?
No need to build a new server.
Just rejoin the recovered server back to the domain and you should be back in business.
If you find any difficulties in rejoining the domain, first log on with local admin, check if the server is still showing as part of the domain, then disjoin it from the domain, reboot and rejoin to the domain.
Just try this.
Since you can use domain admin login when the NIC is disabled, log on and create a local admin user (or if you have the local administrator disabled, just enable it).
Rename password for this user to know it.
Restart the VM and log on as the local user (the NIC can be active now).
Remove the computer from the domain in Control Panel and log in as the local user again.
Make sure you have your network IP from DHCP; if not, assign the IP manually and make sure the computer is talking to DNS.
Now ADD this VM to the domain, restart and log in using domain admin.
All trust should be rebuilt.
I see you tagged 2008... Is it perhaps 2008 R2? Did you enable the recycle bin?
If so, just restore computer account
ASKER
You can't remove from Domain because it's a CA. CA would need to be uninstalled. Recycle bin was not enabled.
ASKER
Thank you for your help.
https://blogs.technet.microsoft.com/pki/2012/01/27/decommissioning-an-old-certification-authority-without-affecting-previously-issued-certificates-and-then-switching-operations-to-a-new-one/
This will get the certificates back onto the new CA.