Here you go: How to Decommission a Windows Enterprise Certification Authority and How to Remove All Related Objects
Do only step 6 and step 7. After that, they will gone completely.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I inherited a network with two orphaned Enterprise CAs in Active Directory. Both DCs that were running these CAs, are long gone.... I found the following article and would like to confirm that it still applies to get rid of these orphaned CAs. The current DCs are a 2008 R2 DC and a Server 2016 DC. The Forest and Domain Functional Levels are both at 2008 R2.
Thanks for any help with this!!
Here you go: How to Decommission a Windows Enterprise Certification Authority and How to Remove All Related Objects
Do only step 6 and step 7. After that, they will gone completely.
Hi,
If you want delete a orphaned enterprise PKI , you can use adsiedit.msc tool to delete all PKI settings saved in configuration partition:
CN=Public Key Services,CN=Services,CN=Configuration,DC=ForestRoot,DC=com
Please don't forget to mark this reply as answer if if help you to fix you issue
Hi,
Based on my understanding , the CAs running on the old DCs have been removed , you want to manually remove old CA references in Active Directory, right?
Based on my research ,yes, you can try the way mentioned above.
If there are progress , welcome to share here!
Best Regards,