Windows 2003 DC to be decommisioned, still running Certification Authority
Posted on 2014-09-19
I have an old Windows 2003 DC that I need to retire. The new Win2008 DCs are in place and seem to be handling everything correctly. But the Win2003 DC is running Certification Authority and I am not sure if that needs attention before retirement. Viewing the CA Console - there is only one certificate on it and it expired earlier this year and looks to have been used for Wireless802.11 authentication with our Cisco WLC at some point. I also see some "Issued Certificates" from 2010-2012 for EFS and DC templates, but nothing current.
1. What can I check to be sure this CA is not doing anything current;ly affecting my domain?
2. Is there anything that the CA might be handling for the other DCs that would not show up in the CA Console?
3. Do I need to remove this completely, so that I can reinstall CA on the Win2008 Svrs later if needed? Assuming I would want to correctly remove all things CA related on this Svr just to be sure that I do not need to access this stuff if at some later date I need to setup a CA on one of the newer Svrs and am told there is already a root CA on the domain.
4. What is the correct way to completely remove all things CA on this Win2003 Svr?