Hi I'm quite new to NPS.
Following Scenario:
I have an old domain let's call it source.dom and a new domain (target.dom). Both have NPS Root-CA and Client Cert Auto-Enrollment. After a client is migrated from source.dom to target.dom, the client still has its Client-Auth-Cert from source.dom CA. Due to
Cert-Auto Enrollment he also has Client-Auth-Cert from target.dom. That means we now have two certs from different CAs. When client now authenticates using PEAP-TTLS which client-certificate is used? Can this be somehow enforced on NPS?
Best regards
Pirmin