If the "Do not automatically enroll" checkbox is ticked, what will happen if a certificate expires?
Will "renewal period" conflict with "do not auto reenroll"?
When a cert is going to expire, a new one will be issued when only 6 weeks are remaining till expiry... but "do not auto reenroll" should block it from getting issued because it will be a duplicate certificate?
If a certificate in AD expires, the client will re-enrol. The checkbox simply stops multiple devices re-enrolling on behalf of the user if a valid certificate is in AD.
When un-ticked and a user moves from one device to another, they would enrol for a certificate at each device which would be stored in AD. AD would therefore grow considerably.
When a client renews a certificate (at some point up to 6 weeks before expiry in your case), the old certificate is archived. The above is only relevant in the period up to the 6-week renewal period.
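
To see which templates combine this checkbox with a renewal period, the following added example (not part of the original question or answer) reads the template objects from AD and decodes the relevant attributes. It assumes the ActiveDirectory RSAT module and read access to the configuration partition; the checkbox corresponds to bit 0x10 of `msPKI-Enrollment-Flag` (CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE in MS-CRTD), and the helper name `ConvertTo-Days` is made up for this example.

```powershell
# Added example: audit certificate templates for the "do not automatically
# reenroll if a duplicate certificate exists in AD" flag and renewal period.
Import-Module ActiveDirectory

# msPKI-Enrollment-Flag bits as defined in MS-CRTD
$PUBLISH_TO_DS         = 0x08   # issued certificate is published to the user object
$CHECK_USER_DS_CERT    = 0x10   # the checkbox discussed above
$AUTO_ENROLLMENT       = 0x20   # template is enabled for autoenrollment

function ConvertTo-Days([byte[]]$Period) {
    # pKIExpirationPeriod / pKIOverlapPeriod are 8-byte little-endian values:
    # a negative count of 100-nanosecond intervals.
    if (-not $Period -or $Period.Length -ne 8) { return $null }
    [math]::Round([BitConverter]::ToInt64($Period, 0) / -864000000000, 1)
}

$configNC = (Get-ADRootDSE).configurationNamingContext
$base     = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=pKICertificateTemplate)' `
    -Properties displayName, 'msPKI-Enrollment-Flag', pKIExpirationPeriod, pKIOverlapPeriod |
  ForEach-Object {
    $flags = [int]$_.'msPKI-Enrollment-Flag'
    $skip  = [bool]($flags -band $CHECK_USER_DS_CERT)
    $pub   = [bool]($flags -band $PUBLISH_TO_DS)
    [pscustomobject]@{
        Template           = $_.displayName
        AutoEnroll         = [bool]($flags -band $AUTO_ENROLLMENT)
        PublishToAD        = $pub
        SkipIfDuplicateInAD = $skip
        ValidityDays       = ConvertTo-Days $_.pKIExpirationPeriod
        RenewalPeriodDays  = ConvertTo-Days $_.pKIOverlapPeriod   # 42 = 6 weeks
        # The duplicate check looks at certificates stored in AD, so it has
        # nothing to compare against when the template does not publish there.
        Note               = if ($skip -and -not $pub) { 'flag set but not published to AD' } else { '' }
    }
  } | Sort-Object Template | Format-Table -AutoSize
```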