Remove CA
I have been going through removing an enterprise CA on my test domain using KB889250, and have a few questions.

1. In step 7 neither of the commands works. All I get is the help information. Is this step necessary? I have read other documents that say the NTAuthCertificates object should not be removed. If this is necessary, what is the correct syntax?

2. In step 9, should this action be run on each domain controller, or can it be run on one domain controller and the other domain controllers will be taken care of? If this step must be done on all domain controllers separately, then how do you do it on a Server 2008 domain controller?
June 23rd, 2011 9:13pm

On Thu, 23 Jun 2011 18:13:56 +0000, zeb2100 wrote:

> 1. in step 7 neither of the commands work. all I get is the help information. Is this step necessary? I have read other documents that say the NTAuthCertificates object should not be removed. If this is necessary what is the correct syntax?

Firstly, this command does not delete the NTAuthCertificates object, it deletes any certificates in that store. Secondly, if all you're getting is help on the option then you've got a syntax error in the command. You need to ensure that:

1. You change the LDAP path correctly to match your particular environment.
2. If you are copying and pasting the command from the web page, then before executing the command, edit the resulting command line, replacing any "-" or quotation marks in the command line. Quite frequently when command lines get posted to a web site, they wind up with the wrong type of "-" (and yes, there are different "-" characters in typesetting, they have different names and different lengths, and commands run at a command line are particular about using the correct "-" http://www.grammarbook.com/punctuation/dashes.asp).

> 2. in step 9, should this action be run on each domain controller or can it be run on one domain controller and the other domain controllers will be taken care of? If this step must be done on all domain controllers separately, then how do you do it on a Server 2008 domain controller?

You only need to run it on a single DC and the 2003 instructions are applicable to 2008 and 2008 R2 as well, though if you have a mix of 2008/2008R2 and 2003 DCs I'm not 100% that the version of certutil on the 2003 DC will delete the 2008/2008R2 DC certificates, never tried that.

Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
No program done by a hacker will work unless he is on the system.
June 24th, 2011 11:47am
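
The dash and quotation-mark problem described in the reply above, as an added example that is not part of the original thread: a PowerShell function that reports typographic characters in a pasted command line and returns an ASCII version. The function name, the replacement table and the sample command are constructed for illustration, and the LDAP path is a placeholder.

```powershell
# Added example (not from the thread). The script is ASCII-only on purpose:
# the sample is built from code points so no typographic character is pasted here.
$Map = @{
    0x2010 = '-'; 0x2011 = '-'; 0x2012 = '-'   # hyphen, non-breaking hyphen, figure dash
    0x2013 = '-'; 0x2014 = '-'; 0x2015 = '-'   # en dash, em dash, horizontal bar
    0x2212 = '-'                               # minus sign
    0x201C = '"'; 0x201D = '"'; 0x201E = '"'   # curly double quotation marks
    0x2018 = "'"; 0x2019 = "'"                 # curly single quotation marks
    0x00A0 = ' '                               # no-break space
}

function Repair-PastedCommand {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$CommandLine)

    $fixed    = New-Object System.Text.StringBuilder
    $findings = New-Object System.Collections.Generic.List[object]

    for ($i = 0; $i -lt $CommandLine.Length; $i++) {
        $cp  = [int]($CommandLine[$i])
        $out = [string]($CommandLine[$i])
        if ($Map.ContainsKey($cp)) {
            # Known typographic look-alike: substitute the ASCII character.
            $out = $Map[$cp]
            $findings.Add([pscustomobject]@{
                Position = $i; CodePoint = ('U+{0:X4}' -f $cp); Action = "replaced with $out" })
        } elseif ($cp -lt 0x20 -or $cp -gt 0x7E) {
            # Outside printable ASCII and not in the table: report it, leave it for review.
            $findings.Add([pscustomobject]@{
                Position = $i; CodePoint = ('U+{0:X4}' -f $cp); Action = 'left unchanged, review' })
        }
        [void]$fixed.Append($out)
    }
    [pscustomobject]@{ Fixed = $fixed.ToString(); Findings = $findings }
}

# Constructed sample: a certutil command as it might look after a copy from a web page,
# with an en dash and curly quotes. Replace the placeholder with your own LDAP path.
$pasted = 'certutil ' + [char]0x2013 + 'viewdelstore ' + [char]0x201C +
          'ldap:///<LDAP-path-for-your-forest>' + [char]0x201D

$result = Repair-PastedCommand -CommandLine $pasted
$result.Findings | Format-Table -AutoSize   # where each substitution happened
$result.Fixed                               # ASCII-only command line to review before running
```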

OK, I typed the command in exactly from what was in the KB article. I do not know very much about LDAP, so I am not sure what the correct path would be. Can you give me an example? Also, this is a necessary step then? Thanks.
June 24th, 2011 6:07pm

Can anyone help me with this?
June 29th, 2011 7:58pm

This topic is archived. No further replies will be accepted.
