In the Windows domain, enable certificate auto-enrollment for computers and domain controllers.
To enable certificate auto-enrollment for computers and domain controllers:
- Log in to the server hosting Active Directory.
- Open the Group Policy Management administrative tool. Select Start > Windows Administrative Tools > Group Policy Management.
  The Group Policy Management dialog box appears.
- In the tree view, expand the Domain Controller you will modify.
- Right-click Default Domain Policy > Edit.
  The Group Policy Management Editor dialog box appears.
- Expand to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies.
- In the content pane, right-click Certificate Services Client Auto Enrollment > Properties.
  The Certificate Services Client Auto Enrollment Properties dialog box appears.
- In the Configuration Model drop-down list, select Enabled.
- Select Renew expired certificates, update pending certificates, and remove revoked certificates.
- Select Update certificates that use certificate templates.
- Click OK.
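
One way to confirm on a domain-joined computer that the policy configured above has applied. This is an added example, not part of the original procedure. It assumes an elevated PowerShell session; the registry path and the `AEPolicy` value meanings reflect standard Windows behavior and are not taken from this page, and `Get-AutoEnrollmentState` is a hypothetical helper name.

```powershell
# Added example: verify the computer auto-enrollment policy after the GPO change.
# Computer-side policy value written by "Certificate Services Client Auto Enrollment".
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'

function Get-AutoEnrollmentState {
    # Hypothetical helper: maps the AEPolicy DWORD to a readable state.
    param($AEPolicy)
    if ($null -eq $AEPolicy)            { return 'NotConfigured' }  # GPO not applied here
    if ($AEPolicy -band 0x8000)         { return 'Disabled' }
    if (($AEPolicy -band 0x7) -eq 0x7)  { return 'EnabledRenewAndUpdate' } # both boxes checked
    return 'EnabledPartial'             # Enabled, but a checkbox from the steps is missing
}

# Refresh computer policy so the new setting is pulled from the domain.
gpupdate /target:computer /force | Out-Null

$value = (Get-ItemProperty -Path $key -Name AEPolicy -ErrorAction SilentlyContinue).AEPolicy
$state = Get-AutoEnrollmentState -AEPolicy $value
Write-Output "AEPolicy = $value -> $state"

if ($state -ne 'EnabledRenewAndUpdate') {
    Write-Warning 'Policy does not match the procedure: check GPO link, scope and replication.'
    return
}

# Trigger an auto-enrollment cycle now instead of waiting for the next interval.
certutil -pulse | Out-Null

# List machine certificates with their template information and expiry date.
$templateOid = '1.3.6.1.4.1.311.21.7'   # Certificate Template Information extension
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $ext = $_.Extensions | Where-Object { $_.Oid.Value -eq $templateOid }
    [pscustomobject]@{
        Subject    = $_.Subject
        Template   = if ($ext) { $ext.Format($false) } else { '(none)' }
        NotAfter   = $_.NotAfter
        Thumbprint = $_.Thumbprint
    }
}
```

A certificate appears in the list only if a template published on the issuing CA grants the computer or domain controller the Autoenroll permission; the policy alone does not issue anything.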