Domain Controller Certificates and moving to a new server or removing them?
- From: amanda a <amandaacheson@xxxxxxxxx>
- Date: 23 Apr 2007 11:42:08 -0700
I need to demote & remove a DC from the domain. However, it has
certificate services loaded on it, and it's the cert server for the
Domain Controllers. I've never seen a domain controller need a
certificate before! The server was Windows SBS that was upgraded to
Windows
SBS R2 and then used the transition pack to go to Windows 2003
Standard server.
My questions are
1. What happens to our Domain controllers and our domain if I just
remove the certification services from this old server? Will they
stop
functioning? (I don't want to revoke them, right? Just remove the
certificate services from the server.)
2. Do I need to load certificate services on a different DC? If so,
how can I transfer them to the new server (NOTE: it has a different
name that the old server so I know I can't just move them) or do I
just load cert services, remove it from the old one, and the DC's
will
request and get new certs from the new server with certificate
services automatically?
3. I know from searching this group that DC's are "Hard coded" to ask
for certs, but do they need them? I've had plenty of domains with no
cert authority in them.
Basically, the crux of my questions are
1. How do I remove this certification authority without screwing up
my
domain?
2. Do I need to create a new cert authority on a different DC?
Thank you in advance for any help on this.
.
- Prev by Date: Re: [Q] Kerberos DES encryption
- Next by Date: Re: Kerberos DES encryption
- Previous by thread: Re: [Q] Kerberos DES encryption
- Next by thread: Windows Media Player Remote Code Execution (923689)
- Index(es):
Relevant Pages
|
|
