[Optional] Test Auto-Enrollment

Do the following steps on the Windows Client machine to ensure auto-enrollment policy works:
  1. Add the Windows Client host member of the domain (yourcompany.com).
  2. Log in as user member of the Domain Admins group.
  3. Type mmc.exe in the Run command to open the Microsoft Management Console.
  4. Click File > Add/Remove Snap-in and select certificates for both user and local computer.

  5. Verify that the user certificate was generated (Current User/ Personal/ Certificates).

    Make sure that the user certificate in the personal store is generated by the Windows CA using your duplicated template.

  6. Verify that the computer certificate was generated. (Local Computer/ Personal/ Certificates requires Admin privileges to check the local computer certificate store.)

    Make sure that the computer certificate in the personal store is generated by the Windows CA using your duplicated template.