AD Certificate Services - Add a new domain?

active-directory ad-certificate-services

Names on certificates issued by servers running AD Certificate Services (or any certificate authority, really) are (or can be) completely unrelated to any namespace in DNS or Active Directory. There is generally nothing requiring they be linked.

If I choose to, I can issue a certificate from my internal certificate authority for serverfault.com or google.com. All you have to do is supply that information in the request.

You can see evidence of this everyday by checking the issuer of every secure site you visit and see that the certificate is (usually) issued by an entity that has no relationship to the name on the cert.

Related

When should I not use IIS 8.5's automatic cert rebinding feature?
Set Remote Computer To DHCP Enabled Without Using WinRM
TP-LINK TL-MR6400 IPSEC L2TP VPN tunnel with GCP server
Port forwarding with wireguard
ASRock Rack X570D4U IPMI login failed after password change
My six year-old WPF executable is suddenly being detected as MSIL/AgentTesla.FU!MTB by Windows Defender
Are sony lto6 tapes mp or bf?
What is this private LAN address accessible through my ISP?
mod_jk unable to connect with tomcat9
Get SPN error when trying to join a machine to a domain
How to send an email in .Net according to new security policies?
What is the purpose of Decimal.One, Decimal.Zero, Decimal.MinusOne in .Net