We just upgraded our Windows Root CA from 2003 to 2012 R2. We kept the servername the same to minimize the migration. We noticed in AD there are some references to old CAs still there and wondered what the best way to remove them is. We noticed them in Adsiedit under Configuration > Services > Public Key Services. Most of the sub-CNs have references to old, stale CAs.
Orange County District Attorney