Hi,
I've set up a CA which delivers Exchange certificates to allow signing & encrypting e-mails. Roaming Credentials have been set up on my domain (multiple user connections over multiple sites with distinct DCs). The Auto-Enrollment GPO has been set and applied to all user account OUs. The certificate template has enrollment + autoenrollment rights for all authenticated users.
Within the same OU, some user accounts don't have any certificate in their AD certificate store, some others do (in fact, most users have their certificate published in their AD certificate store). Users who don't have their certificate published in AD have their certificate issued by the CA itself.
Question 1: how do I identify all user accounts in that case?
Question 2: how do I force the involved users' certificates to be re-published in their AD certificate store?
Question 3: how do I prevent such behavior from occurring again?
Thanks in advance for your cooperation and for your replies.
Raphael
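
For Question 1, one way to list the affected accounts, as an added example that is not part of the original post: certificates published to a user's AD certificate store are held in the `userCertificate` attribute, so the script below reports enabled users in an OU with nothing published there, and goes one step further by also flagging users whose published certificates have all expired. It assumes the RSAT ActiveDirectory module is available; the `$SearchBase` DN is a placeholder.

```powershell
# Added example. $SearchBase is a placeholder: set it to the DN of the affected OU.
Import-Module ActiveDirectory
$SearchBase = 'OU=Staff,DC=example,DC=com'   # placeholder DN (assumption)
$now = Get-Date

$report = Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
                     -Properties userCertificate, mail |
    ForEach-Object {
        $user = $_

        # Each value of userCertificate is one DER-encoded certificate (byte[]).
        $certs = @(foreach ($der in $user.userCertificate) {
            [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
        })

        # Certificates whose validity period includes the current time.
        $valid = @($certs | Where-Object { $_.NotBefore -le $now -and $_.NotAfter -gt $now })

        if ($certs.Count -eq 0)     { $status = 'NoCertInAD' }
        elseif ($valid.Count -eq 0) { $status = 'OnlyExpiredInAD' }
        else                        { $status = 'OK' }

        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            Mail           = $user.mail
            Published      = $certs.Count
            CurrentlyValid = $valid.Count
            LatestNotAfter = ($certs | Sort-Object NotAfter | Select-Object -Last 1).NotAfter
            Status         = $status
        }
    }

# Accounts to follow up on: nothing published, or only expired certificates published.
$report |
    Where-Object Status -ne 'OK' |
    Sort-Object Status, SamAccountName |
    Format-Table -AutoSize
```

The `NoCertInAD` rows can then be compared against the CA's issued-certificate list to confirm which of those users did receive a certificate that was never published.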