We have set up a POC for deployment of machine and user certs to facilitate our Dot1x deployment. All machines that have been put in the POC GPO have received the distinct machine certificate as expected. All but 2 of the users (10 total) have received the certificate in the Personal store; the other 2 have the certificate in their AD object's store. One of the 2 users' machines had to be replaced days after the GPO was put in place, so I am not sure they received the cert in the proper store, but it has been confirmed that a cert was generated for their account and it is present on their current machine but not in the Personal store. The second user is not currently in the office to see if they have logged into another computer during the deployment process. I have found multiple posts saying that setting "Don't re-enroll if duplicates exist" could be the issue, but I am not certain. I have also found that others have gotten around this by using Credential Roaming. I am reaching out to see if any others have run into this issue or if there are best practices that could resolve the issue.
Thanks,
Joe