I am new to windows Certificates, i am also very stupid and have before installed a CA and then forgot about it and deleted it without thinking. (its unrecoverable) I have now a new CA and i am attempting to undo the damage done, further more i would like to deploy certain certificates to secure RDP, SSL, HTTPS etc.... The question i have is: is there a way to survey the domain and find out what computers have what certificates, and using GPO make then drop the old certificates and request a new one using the now new Auto enrolment policy? all help is appreciated