I have deployed a PKI infrastructure with a Stand-Alone Root CA (which will be kept off) and 4 Enterprise SubCA's which depends on this Root CA. To make the computers trust the Root CA, I am going to send the Root CA certificate to the domain computers to be distributed from an AD GPO. The doubt I have is if I also have to distribute the certificates of the SubCA's on the respective computers that are going to use the certificates of this SUBCA.
Thanks