When ADCS uses sha1 for their certificates, you might want to change it to sha254.
NOTE: Make sure all your devices support sha256
sha1
sha256
To achieve this enter the following commands in an elivated DOS-box:
certutil -setreg cacspCNGHashAlgorithm SHA256 net stop certsvc net start certsvc