AD CS also serves certificate enrollment over HTTP. If NTLM authenticate is enabled, this HTTP endpoint on DC would be vulnerable to NTLM relay attacks. The attack is basically identical to NTLM relay via Cobalt Strike, except we modify the arguments to ntlmrelayx.py a bit:
Following the rest of the attack, by coercing a DC or another machine to authenticate to us, and relaying the traffic to AD CS (must be hosted on a server different from the first machine for this to work), we should be able to obtain a certificate for the machine, and we can obtain a TGT using the S4U2Self abuse.