Active Directory Certificate Services (AD CS) provides the public key infrastructure (PKI) functionality that underpins identities and other security functionality on the Windows domain (i.e. file encryption, email encryption, and network traffic encryption). It can create, validate and revoke public key certificates for internal uses of an organization.
According to Microsoft, AD CS is a “Server Role that allows you to build a public key infrastructure (PKI) and provide public key cryptography, digital certificates, and digital signature capabilities for your organization.”