If you’ve ever had a failed certificate authority in one of your environments, it probably caused a lot of issues! In that case, there are various ways to remove that certificate. But sometimes those various “recommended” solutions don’t work and the failed certificate is still present even after you’ve tried to remove it.

In this post, you’re going to learn how to manually remove a failed certificate authority from Active Directory Sites and Services when all else fails.

Please note this is not necessarily a recommended solution. This is a last-resort solution for certificate authorities that you just cannot get out of your domain environment. It is not a first line of defense. It is a last line of defense, and should only be attempted when you’ve tried various other solutions to remove the certificate (see the link below), because we typically don’t want to edit the objects in Sites and Services manually, as an accidental deletion can cause issues.

Let’s jump in.


How To Manually Remove A Failed Certificate from Azure AD

In your Active Directory Sites and Services node, make sure your view is showing the Services node.

After that’s done, expand it. In the Services node, you will see Public Key Services. Go ahead and expand that to see all your objects, containers, nodes, and all of the things that pertain to a certificate authority.


If you have a stuck certificate authority, you can find each of the objects under these nodes and delete that failed node.

The AIA, CDP, the Template, Certificate Authority, Enrollment Services, and KRA will all have instances pertaining to that failed node.

Be sure to go through each of the nodes, objects, and folders and remove those instances. But remember, you are only removing instances pertaining to the old certificate authority and leaving the new certificate authority intact.

However, in this particular instance, none of the old templates or certificates needed to be applied or carried through.

Once you’ve completed going through each of the nodes and deleting every instance, you’re done.
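Before deleting anything by hand, it helps to list exactly which objects reference the failed CA. The following is an added example, not part of the original post: a read-only PowerShell inventory of the containers named above, followed by a `-WhatIf` dry run. It assumes the ActiveDirectory module (RSAT) is installed, uses the standard directory names of those containers, matches objects by name, and `OLD-ISSUING-CA` is a placeholder for your failed CA's common name.

```powershell
# Added example: inventory objects that reference a failed CA, then dry-run removal.
# Nothing here modifies the directory; -WhatIf only reports what would be deleted.
Import-Module ActiveDirectory

$FailedCaName = 'OLD-ISSUING-CA'   # placeholder: common name of the failed CA

# Public Key Services lives in the forest-wide Configuration partition.
$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

# The containers listed in the article, by their names in the directory.
$containers = 'AIA', 'CDP', 'Certificate Templates',
              'Certification Authorities', 'Enrollment Services', 'KRA'

$found = foreach ($c in $containers) {
    $base  = "CN=$c,$pkiBase"
    $query = @{
        SearchBase  = $base
        SearchScope = 'Subtree'   # CDP entries sit one level down, under a per-server container
        Filter      = '*'
        Properties  = 'whenChanged'
    }
    # Assumption: objects belonging to the failed CA carry its name.
    Get-ADObject @query |
        Where-Object { $_.DistinguishedName -ne $base -and
                       $_.Name -like "*$FailedCaName*" } |
        Select-Object @{ n = 'Container'; e = { $c } }, Name, ObjectClass,
                      whenChanged, DistinguishedName
}

# Review this list against the new CA's name before touching anything.
$found | Sort-Object Container, Name | Format-Table -AutoSize -Wrap

# Dry run: shows each deletion that would happen, changes nothing.
$found | ForEach-Object {
    Remove-ADObject -Identity $_.DistinguishedName -Recursive -WhatIf
}
```

Objects that belong to the failed CA but do not carry its name will not appear in this list, so compare the output with what you see under each node in Sites and Services.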

If you have any questions, feel free to get in touch with us at model-technology.com.


About the Author: Jason Rutherford

Managing Partner – Model Technology Solutions With over 21 years of Enterprise IT, Jason’s focus on people, process, and delivery has shaped Model into the organization that it has become today. His approach to creating a consulting organization focused on creating IT efficiencies has led to strategic partnerships with Model’s clients. He believes in strong community support and that knowledge sharing is a critical factor to success.
