Hello VIGNESHWARAN M,
Thank you for posting in Q&A forum.
Is there any way to automatically renew this certificate without manual intervention?
A: Yes, you can automatically renew this certificate without manual intervention. Please complete two steps to automatically renew the Domain Controller certificate.
Step 1
Configure "Read and Enroll and Autoenroll" permissions on the specific Domain Controller Certificate Template you configured.
Issue this certificate template.
Step 2
Set Auto-Enrollment policy and apply it to Domain Controllers.
1. Open Group Policy Management, edit the Default Domain Controller Policy (or create a new GPO and link this new GPO to Domain Controllers OU and edit this new GPO).
2. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies. Here you will see Certificates Services Client – Auto-Enrollment policy.
3. Open its properties and choose Enabled on the Configuration Model box, then check the boxes Renew expired certificates, update pending certificates, and remove revoked certificates and Update certificates that use certificate templates. Click OK when you are done. As you can see, this policy will automatically renew any expired certificates and also clean up the certificate store of any certificates that expired.
Finally, run gpupdate /force on the Domain Controller or wait for the group policy to refresh in the background (by default it refreshes every five minutes on DC).
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
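
To confirm on the Domain Controller that the auto-enrollment policy from Step 2 has applied and to see which machine certificates are close to expiry, a check along the following lines can be used. This is an added example, not part of the original answer; it assumes an elevated PowerShell session on the DC, that an `AEPolicy` value of 7 corresponds to Enabled with both check boxes selected, and a constructed 30-day warning threshold.

```powershell
# Added example: run in an elevated PowerShell session on the Domain Controller.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'

function Test-AutoEnrollmentPolicy {
    # Assumption: AEPolicy = 7 is what the GPO writes when the policy is
    # Enabled and both check boxes from Step 2 are selected.
    $value = (Get-ItemProperty -Path $policyKey -Name AEPolicy -ErrorAction SilentlyContinue).AEPolicy
    if ($null -eq $value) {
        Write-Warning 'AEPolicy is not set: the auto-enrollment GPO has not reached this machine.'
        return $false
    }
    if ($value -ne 7) {
        Write-Warning ('AEPolicy is 0x{0:X}, expected 0x7 (Enabled, both boxes checked).' -f $value)
        return $false
    }
    return $true
}

function Get-MachineCertificateStatus {
    param([int]$WarnDays = 30)   # constructed threshold; adjust to your renewal window
    Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
        # The template is recorded in one of two extensions (v2 or v1 templates).
        $tpl = $_.Extensions |
            Where-Object { $_.Oid.Value -in '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2' } |
            Select-Object -First 1
        $daysLeft = [math]::Floor(($_.NotAfter - (Get-Date)).TotalDays)
        [pscustomobject]@{
            Template   = if ($tpl) { $tpl.Format($false) } else { '(none)' }
            NotAfter   = $_.NotAfter
            DaysLeft   = $daysLeft
            NeedsCheck = $daysLeft -lt $WarnDays
            Thumbprint = $_.Thumbprint
        }
    }
}

gpupdate /force | Out-Null             # refresh policy, as in the last step above
if (Test-AutoEnrollmentPolicy) {
    certutil -pulse | Out-Null         # trigger an auto-enrollment pass now
    Start-Sleep -Seconds 30            # enrollment runs asynchronously
}
Get-MachineCertificateStatus | Sort-Object DaysLeft | Format-Table -AutoSize
```

A certificate issued from the template configured in Step 1 with a fresh `NotAfter` date indicates that enrollment or renewal succeeded; a row that stays flagged `NeedsCheck` after the pulse points back to the template permissions or to the GPO link.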