I am working on auto-enrollment of PKI certificates. I got everything working but when I auto-enroll the user certificate, the certificate is not auto-enrolled when this checkbox is enabled. If I uncheck it on the template, the user gets a new certificate. I'm assuming there's a certificate somewhere in AD I might have to clear out? Any help would be appreciated.
"Note: If the CA administrator configured the templates to not duplicate certificates if one already exists in Active Directory, you will have to delete the user’s certificate in Active Directory in order for Autoenrollment to pull down a new certificate."
How do I delete the user's certificate? where does it get stored? I figured under "user mappings" but I don't see anything there.