Question : DCPromo & Cryptographic Keys

Hi,
Our company has a single domain forest with only one domain controller/DNS server, running Windows Server 2003.  We are planning on adding another server to the mix running Windows Server 2008 R2 to become another domain controller.

I have done this in a test environment, and it works perfectly.
However, I am very nervous about this warning message when you run DCpromo.exe
"All cryptographic keys will be deleted and should be exported before continuing."

We currently have 3-4 web servers running IIS.  The only server that is using SSL, I believe is our Exchange client access server for Outlook Web Access.  We also do have a VPN set up which has a security certificate.

Is this something to worry about?  How do I prepare for this?  What do I do if when I set up the new domain controller, some of our IIS sites and/or VPN don't work?

Thanks,
Jamie

Answer : DCPromo & Cryptographic Keys

Running DCPromo will only erase the Cyrpto keys that exist on the server you are promoting. As long as you aren't promoting your IIS server, those keys will not be affected.