![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 50%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
17,521 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Superseded certificate templates may be an issue, but it's easily avoided if you have the right policies in place. If you don't have autoenrollment configured properly for users it can result in the deletion of certificates, based on the certificate templates being superseded by other certificate templates, from user's AD store.
However, the troubleshooting steps for overcoming this issue (or better yet, configuring things properly so that this doesn't happen) are covered here.
In addition to the deployment guide you linked, I would also recommend checking out this additional WHFB deployment guide. This discusses some of the important considerations when replacing the Domain Controller.
Let me know if that's what you were looking for!