I have an enterprise root CA 2008 R2 server issuing automatic computer and user certificates out to the domain. I would like to decommission the server they are coming from. We currently have another CA in our environment we would like to take its place, on a domain controller. Ultimately I would like to deploy a fresh enterprise root CA as a standalone for the domain (off of a DC).
My questions regarding this situation:
1. It appears we have no real need for this CA at the moment; we do not use SSL for internal domain websites nor EFS for file shares. Could I effectively revoke and destroy all CAs in the environment? Am I missing something?
2. Is a CA required for basic domain functions?
3. If I cannot remove the CA, could I effectively revoke all the certificates and decommission the CA?
4. What is the worst-case scenario if I destroy and revoke all certs?