Yo..
Wanted to get your guys' recommendations on AD bindings and retrieving an AD certificate.
For me, there are 2 ways to do this:
- Policy for AD binding, and then an AD Cert config profile.
- Config profile containing both AD binding and AD cert.
However, neither seems to be ideal, for the following reasons:
- An AD cert would push out automatically upon enrollment, but ultimately fail because it will probably try and retrieve the cert before the AD binding completes.
- Unless there’s a way to scope a config profile to push out upon enrollment only, creating a profile that contains both payloads will push out to ALL computers…ultimately joining existing computers again to AD.
Any ideas or other ways of doing it?
-A