AD cleanup after CA host name move/change

Active Directory cleanup after Certificate Authority host name move/change

Hopefully I am in the right forum.  I cannot find a Certificate Services forum.  Move this if it is better suited somewhere else.

So I just followed the "Host name change" steps in http://technet.microsoft.com/en-us/library/cc742388.aspx to remove the CA from a DC and move it to another newly installed server while changing the name.  My old CA was on the domain controller, LAB-DC01. My new CA is called LAB-CAROOT.  I completed the move and certs are issuing and verifying.

When completing the section toward the bottom titled "Active Directory permissions for the CA", I was unclear, when checking the "LAB.LOCAL/Configuration/Services/Public Key Services/CDP" container, what to do with the old server container in here.  Both servers are shown in ADSIEdit/Active Directory Sites and Services as well as when viewing "Manage AD Containers" in PKIview.msc.  Screenshots below.

[Screenshots: CA ADSS CDP container; PKIview CDP container]

So my questions are...

  1. Can I delete the CDP information relating to LAB-DC01?
  2. Will this affect any of the CRL checking?

I thought it would be OK since the CA was migrated, not running another alongside.  Any thoughts or input is welcomed.  Thanks!


Find this post helpful? Does this post answer your question? Be sure to mark it appropriately to help others find answers to their searches.
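
A read-only way to inventory the situation described in the post above, added here as an example and not part of the original post: it lists the CRL objects under each host container in CDP and reports certificates whose CDP extension still names the old host. It assumes the ActiveDirectory RSAT module is installed; `LAB-DC01` comes from the post, and the certificate store path is an assumption.

```powershell
# Added example: read-only inventory, nothing is modified or deleted.
# Assumes the ActiveDirectory (RSAT) module is available on this machine.
Import-Module ActiveDirectory

$oldCaHost = 'LAB-DC01'   # old CA host named in the post

# Build the CDP container DN from the forest's configuration naming context.
$configNC = (Get-ADRootDSE).configurationNamingContext
$cdpBase  = "CN=CDP,CN=Public Key Services,CN=Services,$configNC"

# 1. List every cRLDistributionPoint object and the per-host container it sits in.
#    The DN is split on unescaped commas; element [1] is the host container RDN.
Get-ADObject -SearchBase $cdpBase -SearchScope Subtree `
    -LDAPFilter '(objectClass=cRLDistributionPoint)' -Properties whenChanged |
    Select-Object Name,
        @{ n = 'HostContainer'
           e = { ($_.DistinguishedName -split '(?<!\\),')[1] -replace '^CN=' } },
        whenChanged |
    Sort-Object HostContainer |
    Format-Table -AutoSize

# 2. Report certificates whose CDP extension (OID 2.5.29.31) still names the old host.
$storePath = 'Cert:\LocalMachine\My'   # assumption: store to sample; run per machine
$stale = foreach ($cert in Get-ChildItem -Path $storePath) {
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $ext) { continue }        # certificate carries no CDP extension
    $urls = $ext.Format($true)         # decoded, multi-line list of CDP URLs
    if ($urls -match [regex]::Escape($oldCaHost)) {
        [pscustomobject]@{
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
    }
}
$stale | Sort-Object NotAfter | Format-Table -AutoSize
```

The `NotAfter` column shows until when each listed certificate will keep pointing revocation checks at a location that names the old host.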