I have just finished decommissioning a couple of internal CA's and have also since created a new one. I followed the Microsoft document to undertake the decommissioning process (http://support.microsoft.com/kb/889250
) which was fine, except for one of the final stages.
Near the bottom, step 9 it says: 'Important Do not use this procedure if you are using certificates that are based on version 1 domain controller templates' in relation to cleaning up domain controller certificates. However, I'm not sure how I would know, so my question is how do I find out what version they are.
The command 'certutil -dcinfo' displays a number of old certificates that I would like to clean up however I don't want to proceed without being sure. Both of the old CA's were Windows Server 2003 Enterprise.