Re: W2k3 CA uninstall question

From: David Cross [MS] (dcross_at_online.microsoft.com)
Date: 09/28/04 

Date: Tue, 28 Sep 2004 05:20:04 -0700

Domain controllers automatically request certificates as soon as they find
an enterprise CA in AD. If you are not using services such as smartcard
logon, smtp replication, LDAPS to DCs, etc you should be fine. The DCs will
pick up new certs from the new CA when available. 

-- 
David B. Cross [MS]
--
This posting is provided "AS IS" with no warranties, and confers no rights.
http://support.microsoft.com
"J" <J@email.com> wrote in message 
news:%23CGy9vNpEHA.556@TK2MSFTNGP09.phx.gbl...
> Hello all,
>
> First off thanks to anyone that responds to this post.
>
> I installed a MS CA on a W2k3 DC to facilitate an Exchange 2000/2003 
> migration. (Temporary SSL cert for OWA while working out the bugs of my 
> configuration of the new server while my production email server was 
> running) I'm through with my migration and need to reallocate the hardward 
> that the CA is installed on. I noticed in the CA console that all my DC's 
> in all my domains and the domain admin, and 2 users have been issued 
> certificates.
>
> My question is if i uninstall the CA(With no intent to reinstall the CA), 
> demote the DC to a member server, and finally wipe the box, will this have 
> any ramifications on my DC's or network?
>
> I'm not sure why my DC's have been issued a cert but figured it has 
> something todo with the domain security.
>
> Any help is greatly appreciated.
>
> J
>

Relevant Pages

  • Re: W2k3 CA uninstall question
    ... > Domain controllers automatically request certificates as soon as they find ... >> configuration of the new server while my production email server was ... >> issued certificates. ... >> I'm not sure why my DC's have been issued a cert but figured it has ...
    (microsoft.public.windows.server.security)
  • RE: IIS Key pairs (how to export an IIS 4.0 self-issued Root CA a nd import into new IIS 4.0 box)
    ... it prompts the user for what client cert they want to use to connect to the ... it issues client certificates to the end users. ... Step I - Installing the New Server ... Install NT SP 3 ONLY ...
    (Focus-Microsoft)
  • Re: ActiveSync error 0x85010004 from Windows Mobile 6 to SBS 2003
    ... I found a link suggesting a test of the OMA using a desktop browser by ... the server and from the phone. ... I then reinstalled the cert, ... Before installing the cert, I could ...
    (microsoft.public.windows.server.sbs)
  • RE: Certificate logon on Unix
    ... I don't know of any package but there is prolly one out there you should ... The good news is that getting fulle client ... and server side authentication is pretty easy so it will work as a quick ... setup your CA and make the root cert Pbk available to everyone. ...
    (Security-Basics)
  • Re: SSL certificates
    ... Should I just create a new self signed cert for StartTLS? ... self-signed certificate to advertise StartTLS to internet Server to Server ... Also I am trying to see how the send/recieve connectors FQDN play a part ...
    (microsoft.public.exchange.admin)