|
Posted by S. Pidgorny on November 12, 2007, 2:43 am
Please log in for more thread options
DCs don't have to have certificates issued and coontinue to function
normally unless used by applications.
Proper decommissioning process and further info:
http://support.microsoft.com/kb/889250
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
>I have an old Win2k3 server running Cert Services as Root CA and ADC
> on a v. small network.
> Just installed a new SBS2003 server and made this a DC. Migrated all
> the Ex2k3 stuff to the new server and copied the user data across.
> Now want to dcpromo the old server to take it out, but cant while
> cert
> services is installed.
> Note: The Cert services has very limited use and in fact as *only*
> been used to generate certifcates for the DCs (old and new)
> themselves.
>
> Question: I know I cant move the cert server from old to new becuase
> the servers have different names. So I will have to uninstall CS.
> When
> I do this the root CA becomes invalid and by defination all
> certifcates issued by it.
>
>
> As I have nothing encrypted with the old Root CA will this cause any
> problems?
> Do DCs *have* to have a certificate issued? Should I install CS on
> the
> new (SBS) server and create a new Root CA for my DCs?
>
>
> If a DC had a cert...and then doesnt....what happens?
> Just trying to get a heads up before I do something stupid ;)
>
>
> Al.
>
| 
XML Sitemap