Hi -- We are in the process of retiring a coupe of old root CA's - i am building new 2008 CA and want to stop the others issuing certs Do i just delete the templates via listed under policy settings for the 2000 based server via mmc for the 2003 delete the templates listed under certificate templates via certsrv mmc Presume once this is done all future cert requests will be directed to the new 2008 CA ? thanks

More correctly, the 2000 and 2003 CAs will quit responding to certificate requests since they are no longer serving any certificate templates Brian

Thanks for the reply Once i have stopped the 2 old CA's serving out new certs , if i revoke a cert previously issued by one of the 2 old CA's (A domain controller cert for example) will the request therefore be handled by the new CA and a new cert will be then be issued ? Once i have revoked all the certs from the 2 old CA's and have had them re-certify to the new CA i plan to then decommision the 2 old CA's Thanks

Hi, New request will be handled by the new CA. If you plan to decommission the old CAs, I suggest that you refer to the following article: How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows Server 2000 http://support.microsoft.com/kb/889250 This posting is provided "AS IS" with no warranties, and confers no rights.