For example, 802.1X network authentication relies heavily on the certification authority to validate the computer's machine certificate using LDAP queries against the global catalog.
Also, VPN gateways may use the same certificate to validate whether the computer is allowed to connect, checking that the cert is published by the corporate CA and has a valid computer object.
This script, developed in PowerShell, was designed to perform an LDAP query against the AD forest the computer is joined to, retrieving the published Enrollment Services. It will parse all CAs for the specified cert template and, once found, will perform the enrollment.
It has built-in resiliency: it attempts enrollment for a defined time frame, since network disruption might occur.
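The flow described above, as an added sketch that is not the original script: it reads the published Enrollment Services from the forest's Configuration partition, keeps the CAs that offer the template, and retries enrollment until a deadline. The template name, the retry timings and the use of `certreq.exe` for the enrollment step are assumptions.

```powershell
# Added example, not the original script. Parameter defaults are assumed values.
param(
    [string]$TemplateName   = 'ExampleMachineTemplate',  # hypothetical template name
    [int]   $TimeoutMinutes = 30,                        # assumed retry window
    [int]   $RetrySeconds   = 60                         # assumed pause between attempts
)

function Find-EnrollmentCA {
    param([string]$Template)
    # Enrollment Services live in the forest-wide Configuration partition,
    # so any domain controller in the forest can answer this query.
    $configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
    $base     = [ADSI]"LDAP://CN=Enrollment Services,CN=Public Key Services,CN=Services,$configNC"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($base)
    $searcher.Filter      = '(objectClass=pKIEnrollmentService)'
    $searcher.SearchScope = 'OneLevel'
    'cn', 'dNSHostName', 'certificateTemplates' |
        ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }

    foreach ($ca in $searcher.FindAll()) {
        # certificateTemplates lists every template this CA is configured to issue.
        if ($ca.Properties['certificatetemplates'] -contains $Template) {
            # certreq -config expects "<CA host name>\<CA common name>".
            '{0}\{1}' -f $ca.Properties['dnshostname'][0], $ca.Properties['cn'][0]
        }
    }
}

$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
do {
    try {
        foreach ($config in @(Find-EnrollmentCA -Template $TemplateName)) {
            # -machine uses the computer context; -q suppresses interactive prompts.
            & certreq.exe -enroll -machine -q -config $config $TemplateName | Out-Null
            if ($LASTEXITCODE -eq 0) {
                Write-Output "Enrolled '$TemplateName' via $config"
                exit 0
            }
            Write-Warning "Enrollment via $config failed (exit code $LASTEXITCODE)"
        }
    } catch {
        # Directory unreachable (for example, network not up yet): retry later.
        Write-Warning "Enrollment Services lookup failed: $($_.Exception.Message)"
    }
    Start-Sleep -Seconds $RetrySeconds
} while ((Get-Date) -lt $deadline)

Write-Error "No CA issued '$TemplateName' within $TimeoutMinutes minutes"
exit 1
```

The account running this needs Enroll permission on the template, and a non-zero exit should be logged or alerted on, since a machine without a valid certificate will fail the 802.1X and VPN checks described above.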
I hope you enjoy it, and should it be useful or should you have any suggestion, let me know in the comments and I'll be glad to help!
Additional reading about PKI: here
Auxiliary ntrights to grant 'Network Service' permission to enroll: