Fact: when the member computer is joined to the domain, the AD-published Root CA certificate is pushed to the new member automatically.
Question: is there any PKI MVP blog that describes this in more detail? FOr example, if I add a new CA to the system after member joined to the AD, will the new CA certificate be pushed to the member as well?