Hi All
I have a situation I can't seem to figure out how to fix.
About 12 months ago a 2003 (Standard) Domain Controller experienced terminal failure. Unfortunately the same environmental situation also took out the backup infrastructure (building floods) which meant I was completely unable to restore the DC.
Thankfully the Domain was recoverable by seizing the roles to a 2008 R2 Backup Domain Controller; the old 2003 DC happened to host Certificate Services for clients. I installed Certificate Services onto the 2008 R2 DC and ever since, things appeared to have been working OK - until recently. One thing I should probably mention is that I used the same name for the CA as it was previously (e.g. "MyOrg CA"). I'm not sure if that was a bad decision.
I am now realising the old 2003 server is still listed in the CRL in AD (both HTTP and LDAP), but the new 2008 R2 DC is not.
I am now trying to figure out how to remove the 2003 server from the CRL and add the 2008 R2 server.
I tried renewing the CA certificate in the Certificate Services console, hoping this would generate a new CA certificate with what I thought would be the current 2008 R2 DC server in the CRL; however, all that did was create another CA certificate with the new issue/expiration dates, but it still has the old CRL. Now I have two CA certificates, which is rather annoying (how/should I correct this?).
I am even noticing that new certificates issued by the 2008 R2 CA also only have the old server in the CRL, so I'm guessing this information is orphaned in AD somewhere.
So my two questions are:
1. How do I purge the old 2003 server from the CRL?
2. How do I fix the situation with the two CA certificates? How do I delete them once I have corrected the CRL?
Thanks
Ben
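An added diagnostic to go with the situation described above (example code, not part of Ben's post or of any particular answer): it lists the CDP/AIA URLs the CA is currently configured to stamp into new certificates, and the URLs actually present in an already-issued certificate, so the stale 2003 server name can be confirmed in both places before anything is changed. It assumes it is run on the 2008 R2 CA with administrative rights and that `$IssuedCert` points to a certificate exported from that CA (placeholder path).

```powershell
# Added example, not from the original post. Compares the CA's configured
# CDP/AIA publication URLs with the extensions in one issued certificate.
# Assumptions: run on the CA as an administrator; $IssuedCert is a
# placeholder path to a .cer exported from the CA's Issued Certificates view.
param(
    [string]$IssuedCert = 'C:\temp\issued.cer'   # placeholder path
)

# 1. What the CA will write into future certificates (registry-backed CA
#    settings). Any entry that names the dead 2003 server is the stale one.
Write-Host '== CA CRL publication URLs (CRL Distribution Points) =='
certutil -getreg CA\CRLPublicationURLs
Write-Host '== CA certificate publication URLs (Authority Information Access) =='
certutil -getreg CA\CACertPublicationURLs

# 2. What an existing issued certificate actually carries, decoded from the
#    X.509 extensions: 2.5.29.31 = CDP, 1.3.6.1.5.5.7.1.1 = AIA.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $IssuedCert
foreach ($oid in '2.5.29.31', '1.3.6.1.5.5.7.1.1') {
    $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq $oid }
    if ($null -eq $ext) {
        Write-Host "== Extension $oid not present in $IssuedCert =="
        continue
    }
    Write-Host "== $($ext.Oid.FriendlyName) in $IssuedCert =="
    # Format($true) renders the extension as multi-line text; keep only the
    # lines that carry a URL (http:// or ldap:///) so host names stand out.
    $ext.Format($true) -split "`r?`n" |
        Where-Object { $_ -match 'URL=' } |
        ForEach-Object { $_.Trim() }
}
```

If the host name of the old server shows up in step 1, the CA's own extension settings are what keep re-introducing it into new certificates; if it shows up only in step 2, the certificate was issued before the settings were corrected and will carry the old location until it is reissued.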