Hi
I've inherited a domain with a CA running on a Windows Server 2008 R2 member server. I've been told it was set up originally to issue machine certificates for a wireless system we no longer use.
As the server is being decommissioned shortly, I would like to remove the CA. The only two certificates it currently has issued are the following:
- Directory Email Replication (to DC)
- Domain Controller Authentication (to DC)
I've read the document http://support.microsoft.com/kb/889250 regarding removing CAs.
My question is, is it good practice to not have a CA running on your domain?
Thanks
Andrew