I inherited a network that has aa domain controller that also hosts our SQL Server backend. I have two other domain controllers on the network. I believe SQL Server would be better off on a member server that is not a domain controller. I would like to demote the domain controller it is currently installed on as I have other domain controllers on the network.Here's my problem. The DC in question also hosts a Certificate Server. We rarely use certificates, the only time I am aware one is used is when I log onto our firewall device, which is rare. I would like to delete and remove the CA, demote the DC to a member server and reinstall the CA. I was also under the impression that CA's are recommended to be installed on non DC servers.From reading various articles there seems to be quite a bit of work involved in removing a CA from a DC. Has anyone seen a step by step guide to uninstalling a CA from a DC? I've never done it before.Our servers are all Windows 2003 enterprise. The functional level is Windows 2000R2. I have nothing against raising the function level to 2003 if that would help. I don't know why the former network admin never raised it.Thanks.

Hi, To demote a Domain Controller hosting Certificate Authority, you need to perform the following steps: 1. Backup the CA. 2. Uninstall CA. 3. Demote the DC. 4. Install the CA from backup. Ive included the following articles for your reference: Back up a certification authority http://technet.microsoft.com/en-us/library/cc737405.aspx HOWTO: Move a certificate authority to a new server running on a domain controller. http://support.microsoft.com/kb/555012 How to move a certification authority to another server http://support.microsoft.com/?id=298138 Performing the Upgrade or Migration http://technet.microsoft.com/en-us/library/cc742388.aspx