Last year I installed a new Dc on our network. The plan was to replace an older Server 2003 box and retire it. I transfered the FSMO roles to the new server and everything seemed to be working fine. I later took the old 2003 server out (it is still sitting here) and forgot to demote it. I have been getting some login problems as of late but everything else seem to be OK. I ran the cerutil and found that the network still has the old 2003 server as its authority for the domain.
The old server has been off for over a year and I am hesitant to turn it back on to demote it. I'm thinking it would try to sync very old stuff with the newer DC server. How do I get my newer DC to be the cert authority?