I have old Windows Server 2003 domain controller with enterprise Certification Authority installed. This CA has issued some EFS certificates for users (not too many, fortunately, but to find those people is not too easy). No recover agent for EFS was designated before.
I need to decommission that DC completely and create new enterprise CA. New DCs has different names (old naming scheme is not used anymore), and I want to give new CA a proper name (old one is incorrect and misleading). It means that I cannot simply transfer old CA to a new DC keeping its root certificate and issued certificate list. I have no other choice but to destroy the old CA completely.
What effect will it have for users who (presumably) used old certificates to encrypt folders and files? Will they be able to access their data?