How to "force" domain computers to re/authenticate to domain before its certificate expires

Ted Rybicki 0 Reputation points
2023-03-11T04:19:31.7133333+00:00

Hello ~ I'm looking for a way to force windows 10 domain computers to authenticate / re-authenticate to the domain ( any DC ) on demand / i.e. before they normally do when their certificate expires...

Preferably via GPO / startup script

thanks in advance

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,559 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,817 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Daisy Zhou 18,701 Reputation points Microsoft Vendor
    2023-03-13T02:07:51.6066667+00:00

    Hello Ted Rybicki,

    Thank you for posting in our Q&A forum.

    Based on the description, I understand you want to make the domain computers authenticate / re-authenticate to domain like they normally do when their certificate expires and/or after their certificate expires, am I right?

    If I understand it correct, you can try:
    1.Make the domain computers disconnected from domain.
    2.Why do not we renew all the certificates before the certificates expires.
    3.Or why do not we request all the certificates after the certificates expires.

    https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates

    4.We can change other authenticate methods (such as user name and password)

    Hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments