I believe a member of my team has a solution to the below but I wanted to weigh in on the PS forum area and see if there were additional thoughts.
Short story, the Lync client self-signed cert is creating an issue with our updated PKI infrastructure. In testing, when a user logs in with the new Infra. PKI chain, the Lync client gives a certificate error. When the *usersup*.cer is deleted from the personal store, everything is fine. I've turned off the issuing of the client cert on the server side and running off AD authentication is fine. I need to automate the removal of 6K+ users' personal certs. Below is a PS script that does what I need to do, but the prompt has to be elevated, and elevating prompts for that many users poses an issue. If anyone has experience with this and has an alternative solution, please feel free to share.
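# Select certificates in the current user's personal store whose issuer is 'CN=Communications Server'
$certs = Get-ChildItem cert:\CurrentUser\My | where { $_.Issuer -like 'CN=Communications Server' }
foreach ($cert in $certs) {
    # Open the store that holds this certificate read/write, remove the certificate, then close the store
    $store = Get-Item $cert.PSParentPath
    $store.Open('ReadWrite')
    $store.Remove($cert)
    $store.Close()
}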
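
An added example, not part of the original post: the same removal wrapped as a function that supports -WhatIf for a dry run and emits one record per matching certificate, so a rollout across many profiles leaves an audit trail. The function name Remove-CommunicationsServerCert and the output field names are assumptions made for illustration; the issuer string is the one from the post.

```powershell
# Added example (not the poster's code). Function name and output fields are hypothetical.
function Remove-CommunicationsServerCert {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Issuer value taken from the filter in the post; compared exactly, case-insensitively.
        [string]$Issuer = 'CN=Communications Server'
    )

    $x509 = 'System.Security.Cryptography.X509Certificates'
    # Open the current user's personal ("My") store through .NET.
    $store = New-Object "$x509.X509Store" -ArgumentList @(
        ([System.Security.Cryptography.X509Certificates.StoreName]::My),
        ([System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser)
    )
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        # Snapshot the matches first so the store is not modified while it is being enumerated.
        $targets = @($store.Certificates | Where-Object { $_.Issuer -eq $Issuer })

        foreach ($cert in $targets) {
            $removed = $false
            $label = '{0} [{1}]' -f $cert.Subject, $cert.Thumbprint
            # With -WhatIf, ShouldProcess returns $false and nothing is deleted.
            if ($PSCmdlet.ShouldProcess($label, 'Remove certificate')) {
                $store.Remove($cert)
                $removed = $true
            }
            # One record per matching certificate, for logging or export.
            [pscustomobject]@{
                User       = $env:USERNAME
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Removed    = $removed
            }
        }
    }
    finally {
        # Always release the store handle, even if a removal throws.
        $store.Close()
    }
}

# Dry run: list what would be removed without touching the store.
Remove-CommunicationsServerCert -WhatIf
```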