Hello Michael,
Thank you so much for more explanation.
So sorry that I do not have the same environment to do the test. Below is my similar test, we could kindly have a check whether it helps.
I have a template called "Copy of Computer" for Client/Server Authentication. A group called "comp" has rights for auto-enrollement on "Copy of Computer".
The client within the "comp" group have this certificate based on "Copy of Computer" template.
I duplicated "Copy of Computer" to "Copy 2 of Computer" and marked "Copy of Computer" as superseded. I also removed "comp" group from the new Template "Copy 2 of Computer".
In the security tab on "Copy 2 of Computer" I add another Server, and give permissions for read and auto-enrollment.
The results are shown below:
1, On the SRV server, the new certificate based on "Copy 2 of Computer" will be installed.
2, In my test, the client within the "comp" group still have the certificate based on a template that is superseded.
So from my test, the old certificate will not be affected by the superseded setting. It is suggested that we could try to do the test firstly to avoid any problems.
For any question, please feel free to contact us.
Best regards,
Hannah Xiong
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.