GPO for Auto Deployment
In Server Manager, click on Tools > Group Policy Management, right-click on your domain, and click Add a new GPO, and give it an appropriate name.
Right-click on the newly created GPO and select Edit.
Go to User configuration > Policies > Windows Settings > Security Settings > Public Key Policy > Certificate Services Client - Auto Enrollment and Computer configuration > Policies > Windows Settings > Security Settings > Public Key Policy > Certificate Services Client - Auto Enrollment.
Turn Configuration Model to Enable, select the options to Renew expired certificates, update pending certificates, and remove revoked certificates, and Update certificates that use certificate templates.
