Announcement

Collapse
No announcement yet.

Demoting DC query

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Demoting DC query

    I have a few questions about dcpromo'ing a 2003 DC.

    When running dcpromo I receive 'Before you can install/unistall AD.......remove Certifivate Services........'

    The server in question does not have the Certificate services running.

    I checked our main DC (FSMO all roles), the certificates for that server showed (no ref to server I want to demote) they had all expired and also had some for servers that no longer existed.

    Should I then be ok to run certutil -shutdown on the server I wish to demote?

    Thanks

  • #2
    Re: Demoting DC query

    To clarify your question:

    1. You want to demote a W2K3 DC that was once also a Certificate Authority.

    2. The Certificate Authority in question is no longer being used, and all the certificates that it has issued are expired.

    If that's the case you should be fine to remove certificate services. If the CA is an Enterprise CA, you may need to perform additional cleanup steps over and above the certutil -shutdown. See http://support.microsoft.com/kb/889250

    Comment


    • #3
      Re: Demoting DC query

      Originally posted by ScottMcD View Post
      To clarify your question:

      1. You want to demote a W2K3 DC that was once also a Certificate Authority.

      Yes I want to demote but can find no evidence that it was a CA, even the service is stopped, but it reports CA services need to be removed before demoting.

      2. The Certificate Authority in question is no longer being used, and all the certificates that it has issued are expired.

      If that's the case you should be fine to remove certificate services. If the CA is an Enterprise CA, you may need to perform additional cleanup steps over and above the certutil -shutdown. See http://support.microsoft.com/kb/889250
      The only CA I can find is the main roles server and each certificate is noted as expired (this comment was just an observation for another DC GC).

      So I'm a little puzzled

      Comment

      Working...
      X