No announcement yet.

Demoting/removing a DC/GC

  • Filter
  • Time
  • Show
Clear All
new posts

  • Demoting/removing a DC/GC

    I can't say I've done this for a very long time but thought I'd ask. I'm demoting a DC/GC which has no roles with the intention of switching if of because I have another DC/GC, as well as the main DC/GC which is assigned all roles.

    When I run Dcpromo it reports ‘Before you can install or remove Active Directory, you must remove Certificate Services’

    The Certificate Services service is not running on this DC, but is on the main roles DC

    I've run the command ‘certutil –key’ on all three with differing results but they all report back successfully.

    I see this on the DC I want to demote, but not on the roles master

    Microsoft Strong Cryptographic Provider:
    <name here> Sub

    Can I simply delete the keys off the server using?

    certutil –delkey <CA_NAME>