How to distribute RDP certificates from ADCS to non-domain members?

Question

I have a few hundred systems that are not AD-joined, for which I'd like to issue RDP certificates from an internal hierarchy (built with ADCS). I can do it manually, by generating CSRs, then signing with ADCS CA, then installing certs - easy, but multiply by a hundred, every 2 years or so, and it doesn't look attractive anymore.

How should I automate it?

Add them to the domain or use a Mobile Device Management solution. — spacenomyous, Nov 29 '18 at 15:39

score 1 · Answer 1 · answered Nov 29 '18 at 19:18

Use the Certificate Enrollment Web Services. What you are describing sounds similar to this but instead of having the users request the certificate as described in the 'Testing the configuration' section you would instead request the certificates via PowerShell or some other scripted process.

How to distribute RDP certificates from ADCS to non-domain members?

1 Answers1