Here's a simple way to check for an enterprise CA in a Windows domain. Run the following command from a CMD prompt:
certutil -config - -ping
Notice the extra dash "-" between the -config and -ping switches.
If there is an enterprise CA published in Active Directory, you will see a pop-up box asking you to choose the CA to ping, as shown below:
Notice that CA name and the computer that hosts it are displayed. Once you select the certification authority and click OK, certutil will ping the server to make sure that it's online and functioning, as shown below:
|Certutil successfully pinged the CA|
|Certutil was unable to locate an Enterprise CA in the domain|