Removing "residue" of previous PKI attempts from a domain/forest?
I was in the process of setting up certificate services in a sandbox environment so as to refine a scenario for certificate-based secure wireless. It turns out our AD forest had several past attempts at setting up a certificate-services based PKI. To make matters more entertaining, the CAs were long-decommissioned domain controllers. I'm at the point where I'm ready to work with the live environment. Before I start rolling out the CAs, GPOs, et cetera, I'd like to cleanse the forest of any previous PKI references. Is this possible? Do I even need to be concerned about this? As far as I can tell, we never used any CA-based processes. As I'm still rather more of an idiot than savant when it comes to certificate services, would there be a concise and/or thorough guide to doing this?
June 11th, 2012 10:16am

Yes, it is possible. Here is an article: http://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx
Start with step 6 (actually, you need to clean up Active Directory only).

My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
June 11th, 2012 10:56am
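
A read-only way to see what the earlier CA installations left in Active Directory before anything is deleted, as an added example that is not part of the original thread or the linked article. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the decommissioned CA hosts were members of the current domain; the variable names are illustrative.

```powershell
# Added example: inventory of CA-related objects in the configuration partition.
# Read-only: nothing here modifies or deletes directory objects.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$pkiRoot  = "CN=Public Key Services,CN=Services,$configNC"

# Containers under Public Key Services that hold per-CA objects.
$containers = 'AIA', 'CDP', 'Certification Authorities', 'Enrollment Services', 'KRA'

$inventory = foreach ($name in $containers) {
    $base = "CN=$name,$pkiRoot"
    Get-ADObject -SearchBase $base -SearchScope Subtree -Filter * `
            -Properties dNSHostName, whenCreated |
        Where-Object { $_.DistinguishedName -ne $base } |   # skip the container itself
        ForEach-Object {
            [pscustomobject]@{
                Container   = $name
                Name        = $_.Name
                ObjectClass = $_.ObjectClass
                CAHost      = $_.dNSHostName   # populated on pKIEnrollmentService objects
                Created     = $_.whenCreated
                DN          = $_.DistinguishedName
            }
        }
}

# Flag enrollment services whose CA host no longer has a computer account.
# Assumption: the CA hosts lived in the current domain (no cross-domain lookup).
$enrollment = $inventory | Where-Object { $_.ObjectClass -eq 'pKIEnrollmentService' }
$orphaned = foreach ($ca in $enrollment) {
    $account = $null
    if ($ca.CAHost) {
        $account = Get-ADComputer -Filter "DNSHostName -eq '$($ca.CAHost)'"
    }
    if (-not $account) { $ca }
}

# NTAuthCertificates sits directly under Public Key Services; count its CA certificates.
$ntAuth = Get-ADObject -Identity "CN=NTAuthCertificates,$pkiRoot" -Properties cACertificate

$inventory | Sort-Object Container, Name |
    Format-Table Container, Name, ObjectClass, CAHost, Created -AutoSize
"Enrollment services with no matching computer account: $(@($orphaned).Count)"
$orphaned | Format-List Name, CAHost, DN
"CA certificates in NTAuthCertificates: $(@($ntAuth.cACertificate).Count)"
```

Saving the output before the cleanup gives a record to compare against afterwards.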

This topic is archived. No further replies will be accepted.
