I just discovered a domain controller that was tombstoned about 2 years ago was actually our Root Certificate Authority. I was wondering what are the steps needed to resolve this so we can set up a new root CA for the domain. I've tested a few workstations with certutil.exe and all come back with this:
Organizational Unit: `'
Exchange Certificate: `'
Signature Certificate: `'
Sanitized Name: `LocalCert'
Short Name: `LocalCert'
Sanitized Short Name: `LocalCert'
Web Enrollment Servers: `'
CertUtil: -dump command completed successfully.
I'd like to setup a new Root CA for the domain and remove the old one but worried what the impacts to users are if I do this during business hours.