We are in the process of retiring our last 2003 DC so that we can move to a 2008 DFL and FFL. In attempting to demote our 2003 DC it is telling me that I need to remove the CA from it. No one is quite sure why we have a CA installed, I am not sure we are using it at all. I have pulled the current active certs issued by it, and they are mostly EFS and a few DC certs. Question that I have is two fold:
1. Is it in our best interest to migrate this over to the new 2008 DC, following this guide?
Or, can I simply remove CS from 2003 and create a new one in 2008 and request new certs for all of these things?
2. Do we in fact actually need a CA for normal DC communications? My understanding is no, we do not. And unless we want to issue certs for things or request EFS certs, it is not needed, and I can simply remove CS from this and not even bother setting it up on the new one.
Thank you for your time,