CA Server Crash


matt

Hello,

I had a stand alone CA installed on a member server and the server crashed and
will not be used again.
I had issued only one certificate.

I'm going to install a CA on a new server ... before that ... do I need to clean up
Active Directory ???

Thanks
MaTT
 
Hi Matt. Since this was not an Enterprise CA nor a domain controller you do not need
to clean up AD with ntdsutil. You may want to remove the machine account in AD and
remove the host records in DNS. --- Steve
 
The following commands will delete DS PKI related objects for the named CA and machine. If the CA was installed on a domain-joined machine, and it was installed by a Domain or Enterprise administrator, the CA was published in the DS, and will have several objects.

certutil -dsdel CAName
certutil -dsdel CAMachineName

You may wish to replace -dsdel with -ds to first list all of the objects that match for each command, in case you want to see what will be deleted by the -dsdel commands.

There is also a KB article on cleaning up the DS after abandoning a CA.
Thanks
Vishal Agarwal [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
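
Added example, not part of the original thread and not Microsoft's own tooling: a read-only PowerShell inventory of objects under the Public Key Services container whose names match the retired CA or its host, useful as a review record before running the -dsdel commands above. It assumes the RSAT ActiveDirectory module is installed; `CAName` and `CAMachineName` are placeholders, and `Get-RetiredCaObjects` is a hypothetical helper name.

```powershell
# Added example: lists AD objects left behind by a retired CA. Makes no changes.
# Assumptions: RSAT ActiveDirectory module is available; the default parameter
# values are placeholders to replace with your own CA name and host name.
function Get-RetiredCaObjects {
    param(
        [Parameter(Mandatory)][string]$CAName,         # CA common name
        [Parameter(Mandatory)][string]$CAMachineName   # host name of the dead server
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    # PKI objects live in the configuration partition, which replicates
    # forest-wide, so stale entries are visible to every domain member.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $pkiRoot  = "CN=Public Key Services,CN=Services,$configNC"

    # Walk the whole PKI subtree (AIA, CDP, Certification Authorities,
    # Enrollment Services, KRA) and keep objects named after the CA or host.
    # Name-based matching only: certificates stored inside shared objects
    # such as NTAuthCertificates are not detected here.
    Get-ADObject -SearchBase $pkiRoot -SearchScope Subtree -Filter * `
                 -Properties whenCreated, whenChanged |
        Where-Object {
            $_.Name -like "*$CAName*" -or $_.Name -like "*$CAMachineName*"
        } |
        Select-Object Name, ObjectClass, whenCreated, whenChanged, DistinguishedName |
        Sort-Object DistinguishedName
}

# Placeholder values; substitute the real CA name and machine name.
$leftovers = @(Get-RetiredCaObjects -CAName 'CAName' -CAMachineName 'CAMachineName')

if ($leftovers.Count -eq 0) {
    Write-Output 'No PKI objects matching the CA or machine name were found.'
} else {
    # Show the candidates and keep a CSV copy as a record of what existed
    # before any cleanup is performed.
    $leftovers | Format-Table Name, ObjectClass, whenCreated -AutoSize
    $leftovers | Export-Csv -Path .\retired-ca-objects.csv -NoTypeInformation
}
```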
 