Working on trying to figure out some items in Active Directory Certificate Services.
I stood up a new test/development domain with two DC's and installed AD CS on one of the controllers (not recommended I know, but practicing for a AD CS migration). Both DC's have a issued certificate granted to it with the "Domain Controller" certificate template. This was all automatic and nothing I did nor setup for the two DC's to automatically request and be issued a certificate.
Looking at the production domain, there are two DC's and one of the DC's has AD CS installed on it. Only one of the DC's have a Issued Certificate granted to it in the "Issued Certificates" container...the other one does not.
Shouldn't the other DC have an issued certificate in AD CS? What caused the newly stood up domain/AD CS instance to issue Domain Controller certificates automatically?
Comparing the GPO's for Auto-enrollment, I see no options in either of them.
I stood up a new test/development domain with two DC's and installed AD CS on one of the controllers (not recommended I know, but practicing for a AD CS migration). Both DC's have a issued certificate granted to it with the "Domain Controller" certificate template. This was all automatic and nothing I did nor setup for the two DC's to automatically request and be issued a certificate.
Looking at the production domain, there are two DC's and one of the DC's has AD CS installed on it. Only one of the DC's have a Issued Certificate granted to it in the "Issued Certificates" container...the other one does not.
Shouldn't the other DC have an issued certificate in AD CS? What caused the newly stood up domain/AD CS instance to issue Domain Controller certificates automatically?
Comparing the GPO's for Auto-enrollment, I see no options in either of them.