I am new to AD CS and have a few questions about it. A little bit of a background: I have a customer who wants to set up AD CS to authenticate domain PCs as well as to encrypt network traffic.

Now with the questions:

1.  it was my understanding that as soon as AD CS is set up and certificate is pushed to the domain using GPO, PCs will receive certificate from the server and that what is needed for authentication. Is this correct?
2. I can't find any information on what is needed for network traffic encryption. Does anyone has a tutorial or can point me in right direction.
3. Is there anything I need to do for the devices like firewall, etc that are using LDAP to communicate with DC.

Thank you in advance for any help I can get.

Serge