Hi
We have a domain controller that is about 12 years old, the OS itself has been upgraded regularly (now it is Windows Server 2019) because in these years a lot of setting has been changed or a couple of services connected to Active Directory then disconnected, a lot of junks has been leftover and many services not work as proper as used to.
Therefore, we need a way to clean up our domain controller.
Recently we seize our primary DC and install a fresh OS but when making it primary again, it takes back all those crap from our additional DC, so back, to where we are
The reason I ask you is that recently an annoying problem occurred, any Windows PC that joins our domain get SSL Cert error even for google.com
I create a policy on top of the tree and import an updated version of certificates from Microsoft and enforce that policy but the problem still exists.
PS: dcdiag.exe is showing everything pass
Thank you in advanced