LDAP over SSL was initially configured using our 2003 domain DCs, but we now have our roles spread between 2 x 2008 DCs (one of the 2003 DCs is now off because it failed, the other is still working as the Certificate Authority).
My question is, can I simply enable the Role on both of our 2008 servers, make them both enterprise > root or not (should one be enterprise > root, the other enterprise > sub)?
Should I do anything with the 2003 server before demoting it (I appreciate Cert Services will need removing from it)?
Thanks