I'm updating a rather old AD infrastructure, there is one 2003 server left, I want to decommission it. DCpromo says I can't remove AD until I remove certificate services first. Cert services is running on this machine and one other, a 20008R2 server, each shows a different certificate authority name. I checked the certificates issued on both machines, the latter one seems to have issued most of them lately. Only domain controllers seem to have requested certificates, ever. This 2003 server only shows 4 certs that haven't expired by now, three with the template Computer (machine) and one with the template Domain Controller (DomainController).
So, are there any ramifications if I just uninstall the certificate services on this old machine? if so, is there a way to get the 4 domain controllers with currently active certificates from this old CA to get certs from the new CA instead, and is that doing enough, prior to uninstalling cert services so I can uninstall AD?