Hello,
Thank you for posting in the Q&A forum.
Based on your description, we suggest that you refer to the following steps:
Revoke the certificate of the old CA on the CA server and ensure that the certificate of the old CA is deleted on all domain controllers in the domain.
Use the Active Directory Users and Computers or ADSI Edit tool to delete objects related to the old CA in AD. Be sure to back up AD data before the operation.
Be sure to update the LDAPS template for use with the new CA. You may need to reissue the LDAPS certificate.
Be sure to check the certificate store on the domain controller and delete all certificates related to the old CA. Ensure that only the root CA certificate is retained.
During the cleaning process, regularly monitor event logs and certificate issuance to ensure that all operations proceed smoothly.
Before performing these steps, it is recommended that you back up all critical data and certificates to prevent unexpected situations from occurring.
Best regards,
Jill Zhou
If the Answer is helpful, please click "Accept Answer" and upvote it.
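The certificate-store check in the answer above, as an added example that is not part of the original post: this PowerShell script inventories the certificates on a domain controller that reference the old CA (by issuer or subject), separately flags any DC authentication certificates still issued by it so they can be re-enrolled from the new CA before anything is removed, and only performs removals with `-WhatIf` until the report has been reviewed. The CA name `Contoso-OLD-CA` is a placeholder assumption.

```powershell
# Added example (not from the answer above). Run in an elevated PowerShell
# session on the domain controller. The CA name below is a placeholder.
param(
    [string]$OldCaName = 'Contoso-OLD-CA',   # placeholder: substitute the old CA's common name
    [switch]$Remove                         # without this switch the script only reports
)

# Local machine stores that normally hold CA-related material on a DC.
$stores = 'My', 'Root', 'CA'
$pattern = [regex]::Escape($OldCaName)

# Collect every certificate whose issuer or subject names the old CA.
$found = foreach ($store in $stores) {
    Get-ChildItem -Path "Cert:\LocalMachine\$store" |
        Where-Object { $_.Issuer -match $pattern -or $_.Subject -match $pattern } |
        Select-Object @{n = 'Store'; e = { $store }}, Subject, Issuer, Thumbprint, NotAfter,
                      @{n = 'IsCaCert'; e = { $_.Subject -eq $_.Issuer }}
}

if (-not $found) {
    Write-Output "No certificates referencing '$OldCaName' found in $($stores -join ', ')."
    return
}

$found | Format-Table -AutoSize

# A DC certificate (LDAPS / Kerberos authentication) still issued by the old CA
# must be re-enrolled from the new CA first, otherwise LDAPS will stop working.
$dcCerts = $found | Where-Object { $_.Store -eq 'My' -and -not $_.IsCaCert }
if ($dcCerts) {
    Write-Warning "DC certificates issued by the old CA are still present; re-enroll from the new CA before removing it:"
    $dcCerts | Select-Object Subject, Thumbprint, NotAfter | Format-List
}

# Removal is limited to the old CA's own certificates and stays in -WhatIf mode;
# drop -WhatIf only after the report above has been reviewed.
if ($Remove) {
    foreach ($c in ($found | Where-Object { $_.IsCaCert })) {
        Remove-Item -Path "Cert:\LocalMachine\$($c.Store)\$($c.Thumbprint)" -WhatIf
    }
}
```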