I have a network with a single domain and 2 sites (A and B), domain functional level is Windows 2003 at the moment.
Site A has:
1. PDC running SBS 2003 (DHCP, DNS, Certificate Service) holding all FSMO roles
2. Windows 2008 R2 DC recently joined the network.
Site B has:
1. DC running Windows 2003 R2 Standard
I planning to demote the SBS 2003 on site A in order to upgrade domain functional level to Windows 2008
What I did:
- Moved all FSMO roles from SBS 2003 to Windows 2008 R2
Now when trying to demote SBS 2003 by running 'dcpromo' I receive the following:
"Before you can install or remove Active Directory, you must remove Certificate Services"
I am not sure how important is the role of the certificate services on the network.
The SBS 2003 box was running Exchange 2003 years ago, but this has now been demoted.
How can I safely find out if I can just revoke the certificates and demote the SBS or
if I shall move the certificate services to the 2008 R2 DC box?