Avatar of sagdoc
sagdoc asked on

Issues demoting a Domain Controller role on a server that also has the Enterprise sub CA role.

I have an old Active Directory domain controller that also is an Enterprise Subordinate CA server.  Our only PIV engineer left so we don't have a lot of experience with this.  This subordinate CA server only seems to be involved in issuing the Domain Controller Certs.  I don't know why he put it on a DC but that is what I have.

I would like to demote this server as a Domain Controller only and leave the CA services installed for now.  If I demote the DC, remove the Domain Services and DNS roles but leave the machine in the domain with the CA services roles intact would that cause any issues relating to the CA process?  I have read several articles on this and some say it could cause issues and others say that id doesn't.  

* PKI CERTIFICATESActive Directory

Avatar of undefined
Last Comment
Adam Brown

8/22/2022 - Mon
Adam Brown

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck