I have an AD domain with 3 DCs (2 running R2; the 3rd, which I'm trying to remove, is not R2), 13 servers (all running 2003, 1 Exchange 2003), 76 PCs (XP 32 & 64 bit, 3 Vistas), and 3 Linux boxes.
DCs 1 & 2, which I built, have been running smoothly; the 3rd I inherited, and it is about to die. Before it completely dies from hardware failures, I have transferred all FSMO roles to DC1 and removed the print server/DHCP/DNS to the other DCs.
I would like to remove DC3 as a domain controller; however, it has a Certificate Authority on it that needs to be removed before I can dcpromo it out of AD. I am unfamiliar with CAs and have some questions.
1) Is a CA even really necessary to run a standard single domain? As I look at the CA on DC3, I am not convinced it was properly set up, and everything in the domain has been fine. If I look in the "Failed Requests" folder of the CA server, there are literally 1000s of entries with a status code of "The revocation function was unable to check revocation because the revocation server was offline" and a Disposition Message of "error Verifying Request Signature or Signing Certificate".
If none of these have been processing and everything on the network seems to be running, I come back to the question: is the CA necessary?
If it is, what are the steps to remove this CA on the DC3 that is being decommissioned and create a proper one that works?