Re: Remove Non-Existent CA from AD

From: "Jorge de Almeida Pinto [MVP - DS]" <SubstituteThisWithMyFullNameSeparatedByDots@xxxxxxxxx>
Date: Mon, 17 Sep 2007 19:09:22 +0200

try:
MS-KBQ555151_How to remove manually Enterprise Windows Certificate Authority from Windows 2000-2003 Domain
MS-KBQ889250_How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows 2000 Server

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------
"a_user" <auser@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:AD55C7EA-CAA3-4930-8086-51A930610007@xxxxxxxxxxxxxxxx

Okay the problem is this, about two months we had a server on the network
that registered a CA into AD for an internal test website.

The server was removed from AD and deleted but the CA certificate was not
before the server was decommissioned.

The problem we have now is a ton of error 13's in the event logs of our
DC's. I have been able to trace these errors to this old no longer accessible
certificate. How I do remove this thing? the server is no longer available.

I tried the certutil commands but keep getting access denied messages.

Prev by Date: Re: Registry key - connecting to domain
Next by Date: Re: Disaster Recovery Scenario
Previous by thread: Re: Defautl Gateway not accespting in DHCP why?
Next by thread: Any web tools to manage Active Directory
Index(es):
- Date
- Thread

Relevant Pages

Re: Windows Advanced Server 2000 PKI
... following as a rough guideline for installing a Windows 2000 Enterprise or ... - install or reconfigure your DHCP server accordingly ... Join Windows 2000 member server to new domain and install Enterprise or ... > We would like to setup PKI having server2 as the> certificate authority. ...
(microsoft.public.win2000.security)
RE: NT 4 decommission
... you require to decommission previous Windows ... NT 4.0 server. ... Microsoft does not support to demote NT BDC to NT member server. ...
(microsoft.public.windows.server.migration)
Re: Preparation to decommission original DC in Forest
... I have an original Windows 2000 Server that established my domain. ... to decommission my original DC (and soon redeploy it with Windows Server ... orginal Admin user certificate or some other precautionary procedure to ...
(microsoft.public.windows.server.active_directory)
Re: No Netlogon Service
... Did you make all new server Global Catalogs? ... How did you decommission Windows 2000 domain controller? ...
(microsoft.public.windows.server.general)
Re: NT 4.0 to 2003
... regarding the article Q246535 - Upgrade of Subordinate ... Certificate Authority from Windows NT 4.0, the Basic Constraints field ...
(microsoft.public.windows.server.migration)