I am trying to determine if I need to migrate or can simply uninstall and decommission a 2003 Server (non PDC) which has the role of a AD CS. It's a bit of a dependency tangled mess. I have been looking at all of the migration instructions to move this AD CS role and settings over to a Server 2012 OS (which I will not have as a DC). The process looks very complicated and long, with almost all of the information piecemeal, coming from Technet blogs as apposed to some official walk through or utility, with the exception of the two following links (which contain more than a few mistakes according to user comments)...
My question is, do I need this role in my environment. I'd prefer to simply uninstall this role, demote the server, metadata clean up and shut the server down. The only certificates it seems to have issued are a few file level encryption certificate templates, which I can get around by telling these users to un-encrypt these files.
However, what does worry me are the Domain Controller certificate templates that are issued to our Domain Controllers. What the heck do these do? Are they important? Are they necessary for AD replication, user, groups, computer, GPOs, file permissions, remote dial in access, or any of the "traditional" Active Directory Domain based things to function?
Thanks for the info.