I'm running into a minor issue with our certificate services in our domain and can't seem to figure out how to resolve.
We had an old Enterprise CA (DCSERVER) that was setup, used for a little bit, then decommissioned before I started. I think they just uninstalled the role from the server (2003) once they were done testing.
Since then I have completely decommissioned this server (demoted from AD and shut it down forever)
The problem is this CA's certificate is still being published to the Trusted Root CA store on all the domain members. I can't seem to figure out how to get rid of this certificate. I deleted it from the local store on my PC and it is back after a restart which leads me to believe AD is pushing this back to me on a GPO refresh.
Anyone know how to get rid of this certificate forever?