We are upgrading our Domain controllers from 2008R2 to 2012R2 server but now running into an issue while trying to upgrade the last 2008R2 DC. This DC has the ADCS role installed and it's not allowing me to decommission this DC until the role is removed. We are unsure if this certificate server is being used at all and we suspect that it isn't. It looks like the admin before me did the basic setup but never configured auto enrollment with GPO. How can we tell if this cert server is being used and if not used can we simply remove the role and continue on with the upgrade process?