<div>
You can backup ca and root certificate and reinstate it on a different workstation before demoting the dc.<br />
However it should not be needed as workstations can use self signed certs. Remember tho that you need to backup your root cert and restore it on the new ca if you want issued certificates to be valid even after you reinstall ca.<br />
Use this procedure to understand migrations:<br />
<a href="https://www.petri.com/migrate-restore-windows-server-2012-r2-certification-authority-to-new-server" rel="ugc">https://www.petri.com/migrate-restore-windows-server-2012-r2-certification-authority-to-new-server</a>
</div>


You can backup ca and root certificate and reinstate it on a different workstation before demoting the dc.
However it should not be needed as workstations can use self signed certs. Remember tho that you need to backup your root cert and restore it on the new ca if you want issued certificates to be valid even after you reinstall ca.
Use this procedure to understand migrations:
https://www.petri.com/migrate-restore-windows-server-2012-r2-certification-authority-to-new-server [https://www.petri.com/migrate-restore-windows-server-2012-r2-certification-authority-to-new-server]

<div>
Can I join a server if we do not have live CA?
</div>


Can I join a server if we do not have live CA?

<div>
<div class="content wysiwyg-content">
I want to demote a DC which holds Enterprise root CA and install a new DC with same name and ip. &nbsp;I guess i have to remove CA prior to demote.<br />
We do not have standalone/sub cert CAs.<br />
Computers use trusted root cert issued by this root CA. Will i have problem of joining new computer to promote as DC in the absence of root CA?<br />
or AD has published trusted cert and will not have an issue even if i do not have CA online ?<br />
I would appreciate your advice on this.
</div>
</div>


I want to demote a DC which holds Enterprise root CA and install a new DC with same name and ip.  I guess i have to remove CA prior to demote.
We do not have standalone/sub cert CAs.
Computers use trusted root cert issued by this root CA. Will i have problem of joining new computer to promote as DC in the absence of root CA?
or AD has published trusted cert and will not have an issue even if i do not have CA online ?
I would appreciate your advice on this.

Domain controller and root Enterprise root cert

Installation is the act of making a computer program program ready for execution. Because the process varies programs often come with a specialized program responsible for doing whatever is needed for their installation. Installation may be part of a larger software deployment process. Cross platform installer builders that produce installers for Windows, Mac OS X and Linux include InstallAnywhere, InstallBuilder and Install4J. Installers for Microsoft Windows include Windows Installer, InstallShield, and Wise Installation Studio; free installer-authoring tools include NSIS, IzPack, Clickteam, InnoSetup, InstallSimple and WiX. Mac OS X includes Installer, and also includes a separate software updating application.

Installation

PKI CERTIFICATES

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.