Two Enterprise Root CA's on same domain

Tom Gordon

5/23/24, 1:27 PM

I am currently replacing 4 2012 domain controllers with 4 new 2022 domain controllers. I have run into an issue with the certificate authority as there were two enterprise root CA's installed on the domain. 3/4 of the new domain controllers received their domain controller cert from a CA that I will need to remove. The other CA will be migrated to one of the new domain controllers. What is the process to clean this mess up? Is there a way to get the correct CA to reissue domain controller certificates or does it even matter? If I just remove the role on the CA that I no longer want to be a CA will the certificates that it issued still be good? What about renewal of the domain controller certificates? I find it difficult to locate information on this topic online so any help is appreciated.

I am including a screenshot of the certificates I am referring to. Each of these certs were issued on the day the server was promoted to a domain controller.

188

0 + 0

domain-controller

certificate-authority

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Two Enterprise Root CA's on same domain

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.