I need to demote & remove a DC from the domain. However, it has
certificate services loaded on it, and it's the cert server for the
Domain Controllers. I've never seen a domain controller need a
certificate before! The server was Windows SBS that was upgraded to
Windows
SBS R2 and then used the transition pack to go to Windows 2003
Standard server.
My questions are
1. What happens to our Domain controllers and our domain if I just
remove the certification services from this old server? Will they
stop
functioning? (I don't want to revoke them, right? Just remove the
certificate services from the server.)
2. Do I need to load certificate services on a different DC? If so,
how can I transfer them to the new server (NOTE: it has a different
name that the old server so I know I can't just move them) or do I
just load cert services, remove it from the old one, and the DC's
will
request and get new certs from the new server with certificate
services automatically?
3. I know from searching this group that DC's are "Hard coded" to ask
for certs, but do they need them? I've had plenty of domains with no
cert authority in them.
Basically, the crux of my questions are
1. How do I remove this certification authority without screwing up
my
domain?
2. Do I need to create a new cert authority on a different DC?
Thank you in advance for any help on this.
Posted by Ollapodrida on May 15, 2007, 8:13 am
Please log in for more thread options
I'm having the same issue; any information would be helpful. Thanks!
XML Sitemap