I was in the processing of setting up certificate services in a sandbox environment so as to refine a scenario for certificate-based secure wireless. It turns out our AD forest had several past attempts at setting up a certificate-services based PKI. To make matters more entertaining, the CAs were long-decommissioned domain controllers. I'm at the point where I'm ready to work with the live environment. Before I start rolling out the CAs, GPOs, et cetera, I'd like to cleanse the forest of any previous PKI references. Is this possible? Do I even need to be concerned about this? As far as I can tell, we never used any CA-based processes. As I'm still rather more of an idiot than savant when it comes to certificate services, would there be a concise and/or thorough guide to doing this?