|
Posted by Paul Bergson [MVP-DS] on June 5, 2007, 11:25 am
Please log in for more thread options
This would have been best asked in the security newsgroup. I have copied
them in on this.
No. You will have to completely re-issue all. The name has to stay exactly
the same.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
> Jorge Silva wrote:
>> Hi
>> There is much more than that check:
>> "CA Requirements" in
>>
http://technet2.microsoft.com/windowsserver/en/library/4d0c3b6e-e6f5-4ab3-9d81-106ae3a715491033.mspx?mfr=true
>>
>>
>>
>> Jorge Silva
>> MCSE, MVP Directory Services
>>> We have a simple Windows Server 2003 domain, at 2003 functional
>>> level, with two DCs.There are some other 2003 member servers and XP
>>> workstations. We want to rename the domain as the company is
>>> rebranding. Unfortunately one of the DCs is also our Certificate
>>> Authority, so (I
>>> think!) that means the rendom process won't work.
>>>
>>> Could I just remove the domain controller role from the CA server,
>>> rename the domain, then promote it back?
>>>
>>> (I know it's not ideal to have a DC as a CA ...)
>>>
>>> --
>>> LSR
>
> Yes I've seen that and the docs at fwlink 5585. All it really says that is
> relevent is:
> ====
> Management of enterprise certificates can continue during a domain rename
> procedure when the following requirements are in effect before domain
> rename:
> . The CAs are not installed on domain controllers.
>
>
> ====
> - hence my question. We only use certificates internally for IIS
> (SourceSafe and WSUS authentication) so I can reissue them later if
> necessary.
>
>
> --
> LSR
>
| 
XML Sitemap