At some point, the we had a server that was a Windows primary domain controller with certificate authority for the domain. That server was taken offline at some point before started and they didn't transfer the certificate authority or root cert, which has subsequently expired. When attempting to create a new root certificate, we receive an access denied message because it's trying to access the old server. In order to issue a new cert, we need to somehow move the certificate authority to the new domain controller, but since the old server no longer exists so we can't do the transfer. Is it possible to somehow create a new certificate authority on the new DC without the original certificate authority, or do we have no choice but to create a new domain entirely?