My current domain functional level is 2003
I would like to raise it to 2008, but I need to retire a domain controller running windows server 2003.
This wouldn't be too difficult except this domain controller is running Active Directory Certificate Services, which I don't have any experience with.
I would like to migrate the certificate authority to a single server running Windows server 2012 R2, which is NOT a domain controller.
1. Is it possible to use Windows server 2012 R2 as your certificate authority when your domain functional level is 2003?
2. Does the new certificate authority need to be a domain controller?
3. I've read that migration is possible using backup and restore, but you need to make sure the enterprise root certificate name is the same on the destination computer. I ran certutil.exe from the command prompt and it generated 3 entries. How do I know which one is the proper root certificate name. One of the entries says (Local) and is the only one pingable.
***answers to these questions would be greatly appreciated and if you have any step by step instructions the would be helpful as well.