ADCS removal from DC

Hello,
We are upgrading our Domain controllers from 2008R2 to 2012R2 server but now running into an issue while trying to upgrade the last 2008R2 DC. This DC has the ADCS role installed and it's not allowing me to decommission this DC until the role is removed. We are unsure if this certificate server is being used at all and we suspect that it isn't. It looks like the admin before me did the basic setup but never configured auto enrollment with GPO. How can we tell if this cert server is being used and if not used can we simply remove the role and continue on with the upgrade process?
Thank you
ADCS-Server-Cert-Templates.PNG
ADCS-Server-Issued-Cert.PNG
Rajesh446Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Zaheer IqbalTechnical Assurance & ImplementationCommented:
In the CA snapin check for any issued certificates.
You can also backup the CA from the snapin.
Action Menu -->All Tasks..
0
Zaheer IqbalTechnical Assurance & ImplementationCommented:
0
Zaheer IqbalTechnical Assurance & ImplementationCommented:
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Rajesh446Author Commented:
Thanks Zaheer.
We would like to discontinue using ADCS so how would we be able to get rid of it completely?
0
Tom CieslikIT EngineerCommented:
First at all you must be and Enterprise Admin group member

then:

To uninstall a CA
Click Start, point to Administrative Tools, and click Server Manager.
Under Roles Summary, click Remove Roles to start the Remove Roles Wizard. Click Next.
Clear the Active Directory Certificate Services check box, and click Next.
On the Confirm Removal Options page, review the information, and then click Remove.
If Internet Information Services (IIS) is running and you are prompted to stop the service before proceeding with the uninstall process, click OK.
After the Remove Roles Wizard is finished, you must restart the server to complete the uninstall process.
The procedure is slightly different if you have multiple Active Directory Certificate Services (AD CS) role services installed on a single server. You can use the following procedure to uninstall a CA but retain other AD CS role services.
You must log on with the same permissions as the user who installed the CA to complete this procedure. If you are uninstalling an enterprise CA, membership in Enterprise Admins, or equivalent, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.
To uninstall a CA role service
Click Start, point to Administrative Tools, and click Server Manager.
Under Roles Summary, click Active Directory Certificate Services.
Under Roles Services, click Remove Role Services.
Clear the Certification Authority check box, and click Next.
On the Confirm Removal Options page, review the information, and then click Remove.
If IIS is running and you are prompted to stop the service before proceeding with the uninstall process, click OK.
After the Remove Roles Wizard is finished, you must restart the server to complete the uninstall process.
If the remaining role services, such as the Online Responder service, were configured to use data from the uninstalled CA, you must reconfigure these services to support a different CA.
After a CA has been uninstalled, the following information is left on the server:
The CA database

The CA public and private keys

The CA's certificates in the Personal store

The CA's certificates in the shared folder, if a shared folder was specified during AD CS setup

The CA chain's root certificate in the Trusted Root Certification Authorities store

The CA chain's intermediate certificates in the Intermediate Certification Authorities store

The CA's CRL
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rajesh446Author Commented:
We would like to discontinue using ADCS so how would we be able to get rid of it completely?
0
Tom CieslikIT EngineerCommented:
I just told you how.
After all steps all will be deleted and you going to be able decommission your DC server from your forest
0
Tom CieslikIT EngineerCommented:
Best solution provided. No more other questions from author
0
Rajesh446Author Commented:
Your advice helped me out alot. Thanks for taking the time to help me out with this.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.