DC Demotion and Certificate Services

  • 967 Views
  • Last Post 01 April 2016
brian.cline posted this 19 May 2006

We will be demoting one of our domain controllers to a member server, which also happens to be running certificate services. Before demoting, however, I must of course remove certificate services. The only certificates it has issued are for domain controllers, as well as a web server certificate to the domain administrator.

If I understand correctly, to move this CA I can go through the CA backup process in MMC, install certificate services on the other DC and restore the backup to it. Is this correct? I have very little experience with certificate services in particular, so I want to make sure this is the correct way to go about this. Any guidance on moving it from one DC to another would be appreciated. Thanks.

--

Brian A. Cline

Internet Applications Developer

G&P Trucking Company, Inc.

Direct:      803.936.8595

Toll Free:  800.922.1147 x8595

Order By: Standard | Newest | Votes
SmitaCarneiro posted this 01 April 2016

If you set up a new CA with the same 'friendly name' you may be able to back up your old CA and restore to the new one.




Make sure you test first and document everything that is on the old server.




Smita


Sent from my iPhone


On Mar 31, 2016, at 10:53 AM, Rajeev Chauhan <rkaramchand@xxxxxxxxxxxxxxxx> wrote:









run certutil

-getreg ca\CAType to get CA type


show

Rajeev Chauhan posted this 31 March 2016

run certutil -getreg ca\CAType to get CA type


show

kebabfest posted this 31 March 2016

I had a look there. It is AD integrated, but there is only a few one.  I'll do some digging about the EFS ones to make sure I am covered. I think setting up a new one looks like the cleanest way. Thanks for the info.


show

ZJORZ posted this 20 May 2006

__________

From: ActiveDir-owner@xxxxxxxxxxxxxxxxxx on behalf of Brian Cline
Sent: Fri 2006-05-19 19:52
To: ActiveDir@xxxxxxxxxxxxxxxxxx
Subject: [ActiveDir] DC Demotion and Certificate Services

We will be demoting one of our domain controllers to a member server, which also happens to be running certificate services. Before demoting, however, I must of course remove certificate services. The only certificates it has issued are for domain controllers, as well as a web server certificate to the domain administrator.

If I understand correctly, to move this CA I can go through the CA backup process in MMC, install certificate services on the other DC and restore the backup to it. Is this correct? I have very little experience with certificate services in particular, so I want to make sure this is the correct way to go about this. Any guidance on moving it from one DC to another would be appreciated. Thanks.

--
Brian A. Cline
Internet Applications Developer
G&P Trucking Company, Inc.
Direct: 803.936.8595
Toll Free: 800.922.1147 x8595

This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
>

brian.cline posted this 19 May 2006

That is correct.

show

bbernie1 posted this 19 May 2006

I take it your using an Enterprise CA and issuing via the
Domain Controller Template?

show

Close