Hi Guys, I've just noticed our RODC's Domain Controller Authentication Certificate is about 3 weeks off its expiry date, and was wondering why it hadn't autoenrolled... I've read that the ERODC group needs enroll/autoenroll on the certificate template for this to occur - which it does, but I've noticed that my RODC is not a member of the ERODC group... Is it just a matter of manually adding my RODC to this ERODC group and the autoenrollment should work? - or do i need to initiate it because it has past its renewal period? I can't seem to find any doco on when/how the RODC is added to this group... and I cant see any events in the logs to suggest that the RODC has even attempted to renew the certificate (no Event ID 13 errors)...