troubleshooting Question

Issues demoting a Domain Controller role on a server that also has the Enterprise sub CA role.

Avatar of sagdoc
sagdoc asked on
Active Directory* PKI CERTIFICATES
1 Comment1 Solution38 ViewsLast Modified:
I have an old Active Directory domain controller that also is an Enterprise Subordinate CA server.  Our only PIV engineer left so we don't have a lot of experience with this.  This subordinate CA server only seems to be involved in issuing the Domain Controller Certs.  I don't know why he put it on a DC but that is what I have.

I would like to demote this server as a Domain Controller only and leave the CA services installed for now.  If I demote the DC, remove the Domain Services and DNS roles but leave the machine in the domain with the CA services roles intact would that cause any issues relating to the CA process?  I have read several articles on this and some say it could cause issues and others say that id doesn't.  

Adam Brown
Cloud Security Consultant
Join our community to see this answer!
Unlock 1 Answer and 1 Comment.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 1 Comment.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros