I just took over as the IT Admin at a company that had 4 different IT Admins in the last year. Needless to say things are a bit unorganized.
My domain has 3 controllers, but only one was set up as a certificate authority. My Enterprise PKI is in error all the way to the lowest level because the CA Certificate there is expired. However, the CA Certificate on the level above that is valid. Just to compound my problem, the personal certificates for the domain controller are all expired as well, both the Root CA and the subordinate. I can't create a new CA certificate because I don't have a valid CA to do it from. I can't renew the old because I don't have permission to do so because I have to do it from a valid Root CA, which I can't.
I had the CAPI2 log running when I restarted ADCS so I have a record of the errors, but I don't know how to proceed. What can I do in this situation?