I'm upgrading all of our servers from 2008 R2 to 2016. I have one server that I am looking to decommission, but am having some trouble.
This server was the primary 2008 R2 Domain Controller. It had AD, DHCP, DNS, and AD Certificate Services installed on it. I have moved everything but ADCS.
When looking to dcpromo demote the server, I get an error that ADCS is running. I'm not sure how I can tell which certificates will break or which machines will continue functioning. Should I be migrating ADCS to another server, or can the infrastructure survive without ADCS?
I acquired this network/server setup, and haven't worked with ADCS before.
Please see the attached images with some description. I have omitted sensitive data, and have sorted by cert expiration date.
From research, I know that the User Basic EFS certificates are not used anymore, and can be skipped. We are also not using the deleted server for RAS/IAS WLAN. Lastly, we are not using the CA Exchange cert as we are using Office 365 for everything.
Are the Domain Controller Authentication and Directory Email Replication certs okay to revoke, or will things break?
Thank you in advance!