Re: Removing CA Objects from AD

From: S. Pidgorny (slavickp_at_yahoo.com)
Date: 08/11/05


Date: Thu, 11 Aug 2005 19:43:29 +1000

I think after the crash the previous CA information is still stored in the
AD - under Services, that is.
For detailed information, see "How to decommission a Windows enterprise
certification authority and how to remove all related objects from Windows
Server 2003 and from Windows 2000 Server" -
http://support.microsoft.com/?id=889250, and the removing objects part in
it.

-- 
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
"Billy" <bj1725@ntlworld.com> wrote in message
news:e9mbJ8anFHA.2916@TK2MSFTNGP14.phx.gbl...
> hi
> Can you clarify - the server that crashed has been rebuilt using the same
> name and is now back onto the domain and re-assigned its position within AD
> sites & services?
>
> Billyj
>
>
>
> "S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
> news:ewsxwjZnFHA.3568@TK2MSFTNGP10.phx.gbl...
> > Remove the CA object from Active Directory sites and Services?
> >
> > -- 
> > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > -= F1 is the key =-
> >
> > "Billy" <bj1725@ntlworld.com> wrote in message
> > news:#47$gEZnFHA.1088@TK2MSFTNGP14.phx.gbl...
> >> My master DC crashed and had to be rebuilt - it was originally set up as a
> >> certificate server, I have not re-installed certificate services and do
> >> not wish to if I can get away with it. - however I am getting a warning
> >> in my event log
> >> Source: Winlogon
> >> Category: None
> >> Event ID: 1010
> >> Automatic enrollment against the certification authority 'myservername' for
> >> a certificate of type DomainController has failed (0x800706ba) The RPC
> >> server is unavailable. - Another certification authority will be tried.
> >>
> >> The only issue I can see is that I can no longer get OWA (it is an
> >> exchange server also) Clients accessing OWA did have to do a HTTPS
> >> connection after I had set up the CA.
> >>
> >> So basically what I am asking is how to overcome this by manually removing
> >> the CA object left in Active Directory?
> >>
> >> BillyJ
> >>
> >>
> >
> >
>
>
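
Added example, not part of the original thread or of the KB article it cites: a read-only PowerShell filter that lists which objects under CN=Public Key Services in the configuration partition still refer to a lost CA, so they can be reviewed before anything is removed. The function name `Find-StaleCaObject`, the CA name `ExampleCA`, the host `dc01` and every DN in the sample are constructed for illustration.

```powershell
# Added example. CA name, host name and DNs below are constructed sample values.
function Find-StaleCaObject {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $InputObject,
        [Parameter(Mandatory)] [string] $CaName,     # common name of the lost CA
        [Parameter(Mandatory)] [string] $ServerName  # short host name it ran on
    )
    begin {
        # Object classes that hold CA data under CN=Public Key Services
        $pkiClasses = 'certificationAuthority', 'cRLDistributionPoint',
                      'pKIEnrollmentService', 'msPKI-PrivateKeyRecoveryAgent'
    }
    process {
        $o = $InputObject
        if ($pkiClasses -notcontains $o.ObjectClass) { return }
        $reason = $null
        if ($o.ObjectClass -eq 'pKIEnrollmentService' -and
            ($o.dNSHostName -eq $ServerName -or $o.dNSHostName -like "$ServerName.*")) {
            # Autoenrollment reads dNSHostName on this object to locate the CA
            $reason = 'enrollment service still points at the lost host'
        } elseif ($o.DistinguishedName -like "*,CN=$ServerName,CN=CDP,*") {
            $reason = 'CRL object in the lost server CDP container'
        } elseif ($o.Name -eq $CaName) {
            $reason = 'object named after the lost CA'
        }
        if ($reason) {
            [pscustomobject]@{ DistinguishedName = $o.DistinguishedName; Reason = $reason }
        }
    }
}

# Constructed inventory standing in for a query of the configuration partition.
# On a domain-joined host the same records come from (ActiveDirectory module):
#   $base = 'CN=Public Key Services,CN=Services,' + (Get-ADRootDSE).configurationNamingContext
#   Get-ADObject -SearchBase $base -Filter * -Properties dNSHostName
$pks = 'CN=Public Key Services,CN=Services,CN=Configuration,DC=example,DC=test'
$sample = @(
    [pscustomobject]@{ Name = 'ExampleCA'; ObjectClass = 'pKIEnrollmentService'; dNSHostName = 'dc01.example.test'; DistinguishedName = "CN=ExampleCA,CN=Enrollment Services,$pks" }
    [pscustomobject]@{ Name = 'ExampleCA'; ObjectClass = 'certificationAuthority'; DistinguishedName = "CN=ExampleCA,CN=AIA,$pks" }
    [pscustomobject]@{ Name = 'ExampleCA'; ObjectClass = 'cRLDistributionPoint'; DistinguishedName = "CN=ExampleCA,CN=dc01,CN=CDP,$pks" }
    [pscustomobject]@{ Name = 'OtherCA'; ObjectClass = 'pKIEnrollmentService'; dNSHostName = 'ca02.example.test'; DistinguishedName = "CN=OtherCA,CN=Enrollment Services,$pks" }
    [pscustomobject]@{ Name = 'NTAuthCertificates'; ObjectClass = 'certificationAuthority'; DistinguishedName = "CN=NTAuthCertificates,$pks" }
)
# Lists the first three records; OtherCA and the shared NTAuthCertificates object are not flagged
$sample | Find-StaleCaObject -CaName 'ExampleCA' -ServerName 'dc01' | Format-Table -AutoSize -Wrap
```

The output is a review list only; the removal steps themselves are the ones in the KB article referenced in the reply above.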