Here is a list of links to what I would consider the best of the documentation that I have yet to find. Finding this stuff is not without its issues. Microsoft has moved and archived most of it. Indeed, one of these pages was located on one site one day, and was missing the next day, as I was using it. It took a whole lot of searching to find it again.
These first two links are the “Master” pages; links galore including the others below:
Active Directory Certificate Services (AD CS) Public Key Infrastructure (PKI) Design Guide
Windows PKI Documentation Reference and Library
Technology overviews:
PKI:
Certificates:
Certification Authority Guidance
Tier Deployment:
ADCS Step by Step Guide: Single Tier PKI Hierarchy Deployment
AD CS Step by Step Guide: Two Tier PKI Hierarchy Deployment
Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy
Individual Tools and Topics:
certutil – command line Swiss Army Knife tool
Quick Check on ADCS Health Using Enterprise PKI Tool (PKIVIEW)
PowerShell ADCS Deployment
https://docs.microsoft.com/en-us/powershell/module/adcsdeployment/?view=win10-ps
PowerShell ADCS Administration
https://docs.microsoft.com/en-us/powershell/module/adcsadministration/?view=win10-ps
CAPolicy.inf Syntax
Firewall Rules:
Disaster Recovery:
Disaster Recovery Procedures for Active Directory Certificate Services (ADCS) | Microsoft Docs
Local Auditing Policy Setup:
Decommissioning/Replacing a CA:
Good short review of process:
How to decommission a Windows enterprise certification authority and remove all related objects
NOTE: This appears to contain info to wipe out the whole existing PKI. Might want to go easy here.