Re: Remove CA from Forest DC
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Wed, 1 Nov 2006 13:09:02 -0000
Hi
check
To complete remove from forest:
How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows 2000 Server
http://support.microsoft.com/kb/889250
To move between servers:
How to move a certification authority to another server
http://support.microsoft.com/kb/298138
To move between servers that are DCs:
HOWTO: Move a certificate authority to a new server running on a domain controller.
http://support.microsoft.com/kb/555012
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"news.microsoft.com" <donotemail> wrote in message news:eXNAhQQ$GHA.4464@xxxxxxxxxxxxxxxxxxxxxxx
We're looking to rebuild our forest level domain controllers with new disks, different RAID arrays, and upgrade to Server 2003 from 2000. One of the DCs is running CA services, for WSUS. However, I see a bunch of certificates have been issued to other domain controllers (we have several domains / single forest). It looks like each domain controller has at least one certificate.
If I follow the steps to decommission the CA and then bring up a new CA (vs. backup/restore), will not having a CA goof up active directory logins/etc.? In other words, are the automatically generated certificates for domain controllers necessary for our directory services to function? I figured that the CA wasn't as I've heard from several other shops that they don't even run a CA.
--
Tim
.
- References:
- Remove CA from Forest DC
- From: news.microsoft.com
- Remove CA from Forest DC
- Prev by Date: Re: restrict creation of local account
- Next by Date: Re: group policy for folder redirection
- Previous by thread: Remove CA from Forest DC
- Next by thread: Re: Connecting to Novell's eDirectory using ADSI (VB 6.0)
- Index(es):
Relevant Pages
|
