Hi,
I am replacing two old DC's (DC1 & DC2, running Server 2008) with two new DC's (DC3 & DC4, running Server 2012). DC1 is currently our Enterprise Root CA.
When I view 'Issued Certificates' and sort by Certificate Expiration Date, I see only 1 certificate is still valid...
Requester name = domain\DC1$
Certificate Template = Domain Controller
Effective Date = 25/07/2014
Expiration Date = 24/07/2015
There are about 20 other certificates all expired (including one called 'CA Exchange (CAExchange)').
Can I safely remove the CA role from this server? Judging by the the valid certificates I don't believe I need an Enterprise CA role in my domain.
Thanks in advance for comments and suggestions.