Re: CA (certificate Authority) - Removing AD from box

Thanks for your help guys!

A: This is not the last domain controller in our environment.
A: Yes it is an Enterprise CA
A: Yes it was a DC when it became a "CA"

This link is good to :

http://www.microsoft.com/downloads/thankyou.aspx?familyId=c70bd7cd-9f03-484b-8c4b-279bc29a3413&displayLang=en

I've read those microsoft postings and it sounds like one has to really pay
attention and ensure the plan works out ok. My god this is involved.

Q: If the CA is down can we expect that no one can open an email because
exchange depends on it ?!

Move a CA on a domain controller to a CA on a different computer (migrating
a CA)
• CA backup
• CA configuration backup
• Uninstall services
• Install CA
• CA restore
• Active Directory cleanup


"Paul Bergson [MVP-DS]" wrote:

I would move the ca to another server, the name has to be the same to not
break the trust. I also would recommend you repost this question in the
security NewsGroup.

HOWTO: Move a certificate authority to a new server running on a domain
controller
http://support.microsoft.com/default.aspx/kb/555012/en-us

How to move a certification authority to another server
http://support.microsoft.com/default.aspx?scid=kb;en-us;298138#toc

Security NewsGroup
microsoft.public.security

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.


"Kyle BLake" <KyleBLake@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9EAC6393-E4CC-457F-8FE3-D45C4280217D@xxxxxxxxxxxxxxxx
Hi,

I have a win2kr2 DC that has CA installed. Is it ok to demote the machine
and will CA still run?

Where does the "CA" information reside, in "AD"?

I am going to virtualize this hardware as it's quite old thus the machine
name will stay the same. Very important I understand to keep name the
same.

Does anyone see any problems demoting the DC to a member server and then
migrating it? I don't think CA depends on the nic MAC or anything our
rageous like that, right?



.

Relevant Pages

  • Re: CA (certificate Authority) - Removing AD from box
    ... I would move the ca to another server, the name has to be the same to not break the trust. ... I also would recommend you repost this question in the security NewsGroup. ... Move a certificate authority to a new server running on a domain controller ...
    (microsoft.public.windows.server.active_directory)
  • Moving Certificate authority to another server
    ... I have a domain controller that is a certificate authority on server 2003 ... I need to move it to another dc in the same root domain because i will be ...
    (microsoft.public.windows.server.general)
  • Re: Client performance problem windows 2003 server...
    ... >Subject: Re: Client performance problem windows 2003 server... ... >Deploying Active Directory for Branch Office Environments ... >results from not having a domain controller in a particular site. ... incorrectly applied site coverage will be bad for clients ...
    (microsoft.public.windows.server.networking)
  • Re: Client performance problem windows 2003 server...
    ... Testing server: Verkstadsgatan\VERKTYG ... Deploying Active Directory for Branch Office Environments ... results from not having a domain controller in a particular site. ... incorrectly applied site coverage will be bad for clients ...
    (microsoft.public.windows.server.networking)
  • RE: NTDS.dit file is currupt
    ... "microsoft" wrote:> We are currently facing a serious problem with one our client server. ... > After rebooting the machine in directory services restore mode, I had> followed the steps below; ntdsutil neither defrag Active Directory Database> nor repair. ... Restart the domain controller. ... Check the integrity of the Active Directory database. ...
    (microsoft.public.win2000.active_directory)