Hello @Sumitra Maharjan ,
Thank you for posting here.
Based on the description above, I understand you have three parallel CA servers, they are all issuing CA servers (maybe they are all enterprise CA servers), and we want to decommission the two 2012 CA servers before we exporting all the active certs from the two Windows 2012 servers.
Here are my suggestion:
On first Windows 2012 CA server (also DC), it has about 1300 certificates with 900 already expired (so about 400 active).
On the second Windows 2012 CA server, it has about 800 certificates and half of them are already expired.
1.For all the certs that are not expired on the first Windows 2012 CA server (also DC) and the second Windows 2012 CA server, we should reenroll using the third Windows 2016 CA server.
2.For all the certs that are expired on the first Windows 2012 CA server (also DC) and the second Windows 2012 CA server, if we do not need these certs, we can ignored them. However, if we still want to use any of them, we should also reenroll it using the third Windows 2016 CA server.
On 3rd Windows 2016 CA server that we would like to keep, it has about 900 certificates with 450 already expired.
3.For the all the certs on the third 2016 CA server that are not expired, we keep them.
For the all the certs on the third 2016 CA server that are expired, if we do not need these certs, we can remove them; If we still want to use any of them, we should also reenroll it using the third Windows 2016 CA server.
Reference
How to decommission a Windows enterprise certification authority and remove all related objects
https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/decommission-enterprise-certification-authority-and-remove-objects
Hope the information above is helpful.
Should you have any question or concern, please feel free to let us know.
Tip: If we export all active certificates issued by two Windows 2012 CA servers and import them to the third 2016 CA server, after you decommission two Windows 2012 CA servers, these certs can not be used.
Best Regards,
Daisy Zhou