Hi, I have found that the previous Certification Authorities on the network were deleted some time ago, and now we are having some problems related to certificates. I think that the previous admins did not stick to best practices at all.
There used to be 3 different certification authorities, as far as I can see in the logs, pkiview, adsiedit, etc., but those servers no longer exist and there is no backup of them.
The only server that I found with the "CA" role installed is a Domain Controller. I think that it is some kind of restore of a previous CA from Windows 2003 (I don't know what kind of CA it used to be), but it has not been issuing certificates since the restore, (I assume) a year ago.
There are various old issued certificates that are still valid on that CA.
Our current servers run Active Directory on Windows 2k8 R2; there is only one domain and a couple of sites.
We have installed a standalone Root CA, not joined to the domain, to allow some things to work without adding more noise to our Active Directory infrastructure, but we are planning to set up a two-tier PKI according to best practices.
Is there any safe way to clean Active Directory? How can I know how integrated that "restored" CA is with Active Directory?
Thanks.