If you’ve ever had a failed certificate authority in one of your environments, it probably caused a lot of issues! In that case, there are various ways to remove that certificate. But sometimes those various “recommended” solutions don’t work and the failed certificate is still present even after you’ve tried to remove it.
In this post, you’re going to learn how to remove a failed certificate authority from your Active Directory Sites and Services manually, when all else fails.
Please note this is not necessarily a recommended solution. It is a last resort for certificate authorities that you just cannot get out of your domain environment. It is a last line of defense, not a first, and should only be attempted when you’ve tried various other solutions to remove the certificate (see the link below), because we typically don’t want to edit the objects in Sites and Services manually: an accidental deletion can cause issues.
Let’s jump in.
How To Manually Remove A Failed Certificate from Azure AD
In your Active Directory Sites and Services node, make sure your view is showing the Services node.
After that’s done, expand it. In the Services node, you will see Public Key Services. Go ahead and expand that to see all your objects, containers, nodes, and all of the things that pertain to a certificate authority.
If you have a stuck certificate authority, you can find each of the objects under these nodes and delete that failed node.
The AIA, CDP, the Template, Certificate Authority, Enrollment Services, and KRA will all have instances pertaining to that failed node.
As you go through each of the nodes, objects, and folders, be sure to remove only the instances pertaining to the old certificate authority, leaving the new certificate authority intact.
In this particular instance, none of the old templates or certificates needed to be applied or carried over.
Once you’ve completed going through each of the nodes and deleting every instance, you’re done.
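Before deleting anything by hand, it helps to have a list of exactly which objects reference the failed CA. The script below is an added example, not part of the original post: it only reads from the directory and writes a CSV record of the matches. It assumes the RSAT ActiveDirectory module is installed, that the objects carry the CA's common name in their name, and that `$FailedCaName`, `$KeepCaName` and `$ReportPath` are placeholders you replace with your own values.

```powershell
# Read-only inventory of Public Key Services objects that reference a failed CA.
# Nothing is modified or deleted; the output is a review list and a CSV record.
Import-Module ActiveDirectory

$FailedCaName = 'OLD-ISSUING-CA'   # placeholder: common name of the failed CA
$KeepCaName   = 'NEW-ISSUING-CA'   # placeholder: common name of the CA that must stay
$ReportPath   = Join-Path $env:TEMP 'failed-ca-objects.csv'   # placeholder path

# The Services node shown in Sites and Services is CN=Services in the
# forest's configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# Pull every object below Public Key Services, then match on the name locally
# so special characters in the CA name never end up inside an LDAP filter.
$query = @{
    SearchBase  = $pkiBase
    SearchScope = 'Subtree'
    Filter      = '*'
    Properties  = 'objectClass', 'dNSHostName', 'whenCreated', 'whenChanged'
}
$candidates = Get-ADObject @query | Where-Object { $_.Name -like "*$FailedCaName*" }

# Stop if the pattern also catches the CA that must remain (for example when
# one CA name is a substring of the other).
$overlap = $candidates | Where-Object { $_.Name -like "*$KeepCaName*" }
if ($overlap) {
    throw "Pattern also matches the CA to keep: $($overlap.DistinguishedName -join '; ')"
}

$report = $candidates | ForEach-Object {
    # Path relative to Public Key Services; its last RDN is the top-level
    # container (AIA, CDP, Enrollment Services, KRA, ...).
    $dn       = $_.DistinguishedName
    $relative = $dn.Substring(0, $dn.Length - $pkiBase.Length - 1)
    [pscustomobject]@{
        Container         = ($relative -split '(?<!\\),')[-1] -replace '^CN='
        Name              = $_.Name
        ObjectClass       = $_.ObjectClass
        DnsHostName       = $_.dNSHostName
        WhenChanged       = $_.whenChanged
        DistinguishedName = $dn
    }
}

$report | Sort-Object Container, Name | Export-Csv -Path $ReportPath -NoTypeInformation
$report | Sort-Object Container, Name | Format-Table Container, Name, ObjectClass, DnsHostName -AutoSize
```

Compare the resulting list against what you see under each node in the console, and keep the CSV as a record of what existed before the manual cleanup.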
If you have any questions, feel free to get in touch with us at model-technology.com.