We have an old AD server having a hard time to keep up with sync and everything and causing ldap request latency for our Exchange 2007 environment. We bought new hardware and we are slowing adding newer server and decomissionning the older ones. We encountered a little issue with we tried put our hands on the AD server having the Certificate Authory role.
I know it can be transfered but I would like to keep that option for later. A fast way and more secury way to eliminate the latency issue would be to transform that AD server into a dedicated standalone CA server. My question is, can we, in a first time, remove the Global Catalog from that AD server without impacting on the CA role? And secondly, can we simply dcpromo down the AD server without impacting on the CA role? At which extend can we push that idea and what needs to be considered. It is running on a Wk3Ent R2 server.