This should help w/the CA: http://technet.microsoft.com/en-us/library/ee126170(v=ws.10).aspx
- WJR On Thu, Aug 29, 2013 at 4:35 PM, David Lum <[email protected]> wrote: > So… in my environment we have four ancient DC’s. Two root DC’s and two > of five subdomain DC’s. These have been around enough and our environment > is complex enough that we aren’t sure how many systems rely in the specific > IP or hostname.**** > > ** ** > > Seems to me it should be fairly straightforward to stand up new with same > name/IP as the originals:**** > > ** ** > > **· **Transfer all FSMO roles**** > > **· **Demote DC (DCRPOMO)**** > > **· **Unjoin from domain**** > > **· **Power off**** > > **· **Build new server with same name**** > > **· **Join to domain**** > > **· **Install AD DS roles**** > > **· **DCPROMO**** > > **· **Transfer FSMO roles back (optional)**** > > ** ** > > Now in one case the DC is also a certificate server, although we aren’t > 100% sure if/how it’s being used. Surely there are some caveats to consider? > **** > > *David Lum* > Sr. Systems Engineer // NWEATM > Office 503.548.5229 //* *Cell (voice/text) 503.267.9764**** > > ** ** >
