The script carries out the following steps:

  • Creates the CA certificate and installs it, including in the group policy
  • Sets externalId to be a unique attribute
  • Creates the authentication policy
  • Creates and configures the passwordless Windows login application
  • Creates a KDC certificate: creates the request, issues the certificate from the request, and installs the certificate

You can download the script here.