We are Windows shop with Active Directory environment and 400 Windows 10 Clients.

We have Six Domain Controllers (DC), all are part of one AD Forest, one DC is windows 2008r2 and remaining are windows 2012 standard. The only windows 2008 DC is showing Enterprise PKI role installed under Active Directory Certificate services (ADCS) and none of others shows PKI . How will I know if this PKI role is Forest wide and all the Forest DCs are sharing this same PKI role ?

Actually I need to retire 2 DCs (1 Win 2008r2) which are the only DCs have AD Certificate Service role installed and must need to transfer PKI to additional DCs to eliminate SSL Cert issuance & renewal problem for Windows 10