![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 60%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
7,023 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Hello
Thank you for your question and reaching out. I can understand you are having query related to root certificate distributed windows.
You must publish the root certificate into AD if the root CA is an offline root CA (standalone root CA).
RootCACertifice: certutil -dspublish RootCA
The certificate will then be distributed using the autoenrollment settings to the trusted root store of every domain joined client.
This will finally happen automatically if the root CA was joined to the domain, although it may take up to 8 hours (default GPO application time). Restarting a client computer will compel it to accept the root CA certificate. Normally, I give distribution time for an overnight period.
-----------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept as answer--