Hi
I have just completed the process of decommissioning an Enterprise Issuing CA using kb889250. Step 9 talks about cleaning up the domain controllers by runningcertutil -dcinfo deletebad, however there is a note that says that this process should not be performed on certificates based on version 1 domain controllers. The decommissioned CA (Windows 2008 R2 Datacenter) did not issue any certificates, however it does have a certificate in the Intermediate Certification Authorities which has been replicated to all machines in the domain. The Version attribute on the details tab of the certificate says version 3. How do I know if I have other certificates based on version 1 that might be removed by running this command?
I would obviously like to clean this up. Is the certutil -dcinfo deletebad command the correct command to clean this up in our domain?
Regards
Devin