I've inherited an AD environment with two CA servers. The original CA is on a server that we are trying to permanently retire. It appears that in the past someone had tried to install a new CA and turn the old one off (which didn't work), which is why there are now two CAs. I've read a lot about AD CS, but for some reason it just isn't clicking.
All servers are running 2008 R2.
In the AD CS console under Enterprise PKI I have two servers listed:
- SERVER1-CA(2) (this appears to be the original first CA)
- SERVER2-CA
Here is what I would like to do:
- Move the CA from SERVER1-CA(2) to either a new or existing server
- Remove the second CA and just have the original root CA
I've read guides on how to move the CA role from the original server, but I don't understand what I am supposed to do with SERVER2.
Could someone please point me in the right direction?