sara2000
asked on
Domain controller and root Enterprise root cert
I want to demote a DC which holds the Enterprise root CA and install a new DC with the same name and IP. I guess I have to remove the CA prior to demoting.
We do not have standalone/sub cert CAs.
Computers use the trusted root cert issued by this root CA. Will I have a problem joining a new computer to promote as a DC in the absence of the root CA?
Or has AD published the trusted cert, so that I will not have an issue even if I do not have the CA online?
I would appreciate your advice on this.
ASKER
Can I join a server if we do not have a live CA?
ASKER CERTIFIED SOLUTION
However, it should not be needed, as workstations can use self-signed certs. Remember, though, that you need to back up your root cert and restore it on the new CA if you want issued certificates to be valid even after you reinstall the CA.
Use this procedure to understand migrations:
https://www.petri.com/migrate-restore-windows-server-2012-r2-certification-authority-to-new-server
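
The backup-and-restore step mentioned in the reply above, as an added PowerShell example that is not part of the original thread. The function names and the backup directory are assumptions; the cmdlets come from the ADCSAdministration and ADCSDeployment modules on Windows Server 2012 and later, and both functions run elevated on the CA host.

```powershell
#Requires -RunAsAdministrator
# Added example: function names and $BackupDir are hypothetical.

function Export-CAState {
    param(
        [Parameter(Mandatory)] [string] $BackupDir,       # new, empty folder on separate storage
        [Parameter(Mandatory)] [securestring] $Password   # protects the exported private key
    )
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

    # CA certificate + private key (.p12) and the issued-certificate database
    Backup-CARoleService -Path $BackupDir -Password $Password

    # CA configuration (CRL/AIA locations, validity settings) lives in the registry;
    # review and import this file by hand on the new server
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration' `
        (Join-Path $BackupDir 'CertSvc-Configuration.reg') /y | Out-Null

    # Record which templates the CA issues so they can be re-enabled after restore
    certutil.exe -catemplates | Out-File (Join-Path $BackupDir 'CATemplates.txt')

    # Fail now, while the old server still exists, if the key backup is missing
    if (-not (Get-ChildItem $BackupDir -Filter *.p12)) {
        throw "No .p12 key backup found in $BackupDir"
    }
}

function Import-CAState {
    param(
        [Parameter(Mandatory)] [string] $BackupDir,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $p12 = Get-ChildItem $BackupDir -Filter *.p12 | Select-Object -First 1
    if (-not $p12) { throw "No .p12 key backup found in $BackupDir" }

    # Reinstall the role around the existing key pair instead of generating a new root,
    # so certificates already issued keep chaining to the same trusted root
    Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools | Out-Null
    Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
        -CertFile $p12.FullName -CertFilePassword $Password -Force

    # Restore the database so previously issued certificates can still be revoked
    Stop-Service CertSvc
    Restore-CARoleService -Path $BackupDir -DatabaseOnly -Force
    Start-Service CertSvc
}
```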