One of the domain controllers that I need to demote/delete/format/vaporize is also a root CA (W2K8R2). It made sense having it when the organization had an in-house Exchange. Now that it is hosted by M$, there is no more use for Certificate Services. I want it gone.
AD CS is not my forte and I need help taking this beast apart. I came across this article and will be using it as a guide, but there are still some things I can't wrap my head around:
http://support.microsoft.com/kb/889250
1) I've got issued 6 Domain Controller certs (for each DC) and 15 EFS certs. Before starting the decommissioning steps I want to ensure that those 15 users regenerate their own cert and key to encrypt their files. Where do I start?
2) Do I need to have those 15 users decrypt their files before revoking their existing certs, and then [my logic tells me] set the CA...