This is an automated archive.
The original was posted on /r/sysadmin by /u/ArtificialDuo on 2024-01-23 00:21:08+00:00.
The environment I started working at has two root CA servers in the domain serving the same purpose from what I can tell. CA server "A" is a very old windows server and CA server "B" is slightly newer.
My theory is that a previous SysAdmin was meant to be moving the CA services to CA "B" but didn't complete the task or left before completion without leaving any notes.
Problem is that the environments servers, workstation, user accounts seem to be authenticating to either CA server randomly. I've exported issued certificate lists from both servers and compared them - it does look like the admin got halfway through swapping CA servers then stopped for whatever reason.
What I want to is just Power off the old CA server "A" and see what breaks overtime and reissue any problems to CA server "B" but my worry is all the servers and workstation that are currently authenticated to CA server "A".
Has anyone dealt with a similar situation?