We install the AD CS role. Note that the server must be a member of domainxx. You may need to add the server again.
Install and configure an Online Responder. Then establish a revocation configuration.
We use some existing templates to create new templates for certificates.
Configuring autoenrollment in a couple of certificates.
We create a special user to act as a key recovery agent, then create a key recovery agent certificate template.
Cleanup after Project 13