Re: Replace current Certificate server

Well you should know iwhat is going on in your network, including the use of Certificates, you're the right person to answer that, not me:)
If you're sure that your DCs aren't making any use of the existing Ca, you can remove the CA without any problem and introduce the new one, I've done this several times and never had any problem, however is always good to test before Implement.
;)


--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"thawkz" <thawkz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:972B2352-7812-4ED7-A950-FA781D759F1D@xxxxxxxxxxxxxxxx
Again, continued thanks for your assistance.

I am not well-schooled in this CA stuff...so please keep this in mind as we
work through this....
Also, I inherited this environment, so I was not involved in setting up the
initial CA.

I checked the "issued certificates" through the CA MMC on the cert server,
and some of the domain controllers are listed as having certificates....I
have had to rebuild a couple of DCs since I have been here, and I have never
explicitly configured any domain controller to use certificates, so it
appears the DCs have registered with the CA automatically.....

What would the DCs be using the CA for? What is impact to the DCs/Active
directory, if I perform a decommish operation on the existing CA?

Thanks.


"Jorge Silva" wrote:

> My primary concern is "What am I going to break if I bring up another > CA,
> while the other CA is still operational?" Will the Domain
> controllers/Active
> Directory still work properly, etc......
Are you using Certs on DCs? What Certs did you issued and what they're used
for?

--

I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE

"thawkz" <thawkz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2CF5356A-EE9C-435A-8BEC-80EC1FF933EA@xxxxxxxxxxxxxxxx
> Thanks for the link, however this does not completely answer my > question
> above.
>
> Let me rephrase:
>
> I do not think that we need to perform a migration, as we only have 1 > or
> two
> certs issued. I am thinking that I can just reissue these couple of
> certificates once the new server is installed.
>
> My primary concern is "What am I going to break if I bring up another > CA,
> while the other CA is still operational?" Will the Domain
> controllers/Active
> Directory still work properly, etc......
>
>
> "Jorge Silva" wrote:
>
>> Hi
>> check
>> support.microsoft.com/kb/298138
>>
>> -- >>
>> I hope that the information above helps you.
>> Have a Nice day.
>> Jorge Silva
>> MCSE
>>
>> "thawkz" <thawkz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:3AA9DEA3-2081-4248-A42D-FBB2B88AD255@xxxxxxxxxxxxxxxx
>> > Hi,
>> >
>> > I have seen several posts on this topic, but none of which relate to >> > my
>> > specific situation:
>> >
>> > 1) Windows 2000 AD
>> > 2) One CA server - installed on a member server.
>> > 3) We want to install a new CA server on new hardware.
>> > 4) I need to know can I simply Install certificate services on the >> > new
>> > hardware without doing any of the migration steps referenced in >> > other
>> > posts.
>> > To my knowledge we do not need the old CA database for anything.
>> >
>> > 5) After installing certificate services on the new hardware and >> > making
>> > sure
>> > it is working properly, I would then perform the decommissioning >> > steps
>> > mentioned in the appropriate KB article.
>> >
>> > My only concern in doing this is that I do not know the impact on >> > the
>> > domain
>> > controllers....How do the DCs use the CA? Would I have to >> > reconfigure
>> > anything on the domain controllers? Would this approach break >> > anything?
>> >
>> > Your help is appreciated.
>> >
>> >
>> >
>> >
>>


.

Relevant Pages

  • Re: Replace current Certificate server
    ... This would be how your domain controllers got ... Domain controllers will use their certificates to authenticate between each ... Domain controllers will auto-enroll when group policy is ... I need to know can I simply Install certificate services on the new ...
    (microsoft.public.windows.server.active_directory)
  • Re: Binding to AD using LDAP over SSL
    ... the DCs have computer certificates that were automatically issued when I ... > I thought that when you brought up an Enterprise Root CA in the directory ...
    (microsoft.public.win2000.active_directory)
  • Re: Certificates Question
    ... stating that the RPC server is unavailable with Event ID's 13 and 16. ... not sure where the certificates are supposed to come from. ... Should this be the first DC we created in our network? ... deployed 3rd party certificates to these DCs in the past? ...
    (microsoft.public.windows.server.security)
  • Re: Replace current Certificate server
    ... I checked the "issued certificates" through the CA MMC on the cert server, ... and some of the domain controllers are listed as having certificates....I ... appears the DCs have registered with the CA automatically..... ... I need to know can I simply Install certificate services on the new ...
    (microsoft.public.windows.server.active_directory)
  • Re: Correct root certificate is not installed
    ... your certificates for your Domain controllers (or in my case my SBS server). ... You can not bother with purchasing the multi domain cert then just provide ...
    (microsoft.public.mac.office.entourage)