This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 83%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Hi
So we have a Domain Controller with a certification authority which looks as though it was installed for a specific support tool as in the CA name it mentions the tool in this format: SERVERNAME-CA-SOFTWARE.
First, how do i know that this is actually being used and secondly, if it isnt can it be removed. all the devices on the network seem to have this certificate which runs from 2016 (which is when it was installed) to 2021. in the certification authority MMC console the only certificates that are issued are to domain controllers using the Domain Controller Template. there also seems to be one user.
My preference would be to remove this Certificate Authority set up and create a new one otherwise i'll need to migrate it if it is being used as I need to decommission the server that its on.
looking at this page: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/decommission-enterprise-certification-authority-and-remove-objects
I do not see any of the objects under step 6 within AD so I'm not sure it was even set up correctly as this was setup before I was an employee at the location.
From what I can tell is that they installed it using these instructions
http://gregtechnobabble.blogspot.com/2012/11/enabling-ldap-ssl-in-windows-2012-part-1.html
Please follow this guide (which is an updated version of Microsoft Learn article): https://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx
If it is Enterprise CA, then there should be objects in AD.
Hi, Thanks for that, Would this affect any Active Directory functionality? As I'm just not sure any of this is even in use as its installed on a domain controller it just makes me a bit more wary of removing this stuff as I don't want it to affect any of the rest of the infrastructure. furthermore where am I able to check which type of CA it is as I don't see much information within the certificate itself (within the root CA or the intermediate CA stores)
i do see the server CA within the AD sites and services console
The main concern is any negative or adverse effects on our infrastructure
Based on your information, I can conclude that CA is not used, so you can safely remove and decommission it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.999999999999996%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVW%3C/text%3E%3C/svg%3E)
Hi,
Thanks for the update
》》Would this affect any Active Directory functionality?
base on my knowladage, Should have no effect.
Hope this information can help you
Best wishes
Vicky
Hi, is there any documention anywhere that could confirm this?
Hi,
Just checking in to see if the information provided was helpful.
Please let us know if you would like further assistance.
Best Regards,
Vicky