How to renew computer serfificates in AD gp based system before term ends?

Anonymous
2020-08-25T09:48:15.613+00:00

Hello.

We have internal CA server and AD based distibution of certificates to computers by group policy.
I'ts all good and fine, but now we had to edit computer certificate template
for certificate based autentication to network with radius. (yes we use computer certificates not user sertificates)

This works also fine when i manually update computer certificate from client side by certificates mmc.

But how can I command all computers to update their sertificates mid term
so all of them get new sertificates with modified field?
(change of SUBJECT fied from empty to DNS name)

Matti T

Windows for business | Windows Server | Devices and deployment | Configure application groups
Windows for business | Windows Client for IT Pros | User experience | Other
{count} votes

Accepted answer
  1. Vadims Podāns 9,186 Reputation points MVP
    2020-08-25T12:35:34.343+00:00

    If you use certificate autoenrollment, then go to affected certificate template (in certtmpl.msc), right-click on it, Reenroll all certificate holders menu item. When autoenrollment triggers next time (within 1 day), it will detect that existing certificate must be renewed out of standard AE renewal schedule and will reenroll the certificate from updated template.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.