Core Infrastructure and Security Blog

Active Directory Certificate Services Frequently Asked Questions - needs your help!

NoMoePwds (Microsoft)
Jan 24, 2020

First published on TECHNET on Aug 08, 2011

If you have commonly asked questions about certificate services or PKI that you think should be listed in the Active Directory Certificate Services Frequently Asked Questions (AD CS FAQ) list, I encourage you to submit them to the TechNet Wiki posting at http://social.technet.microsoft.com/wiki/contents/articles/ad-cs-faq.aspx. Don't worry about the formatting; I can clean that up if needed. Also, if you would rather have me add something for you, feel free to just reply to this blog. Thank you!

Updated Feb 21, 2020
Version 3.0

3 Comments

  • I have never dealt with this. I simply use one of the existing Domain Controller templates to create new ones. Mainly the Kerberos Authentication template nowadays. I've never had any issues where I had to validate this setting and it is only present in the article leveraging 3rd party certificates for CAs.

  • Ricoli610
    Brass Contributor

    NoMoePwds

    This may not be a frequently asked question but hoping someone can answer it.

    In trying to figure out what I needed to do to ensure a new certificate template had an extension with the BMP data value "DomainController" I incorrectly added a new EKU named "DomainController" with the OID value 1.3.6.1.4.1.311.20.2 (in a test environment).

    Certificate Templates Console -> Duplicate template -> Extensions tab -> Application Policies -> new EKU added via Edit Application Policies Extension window.

    Is it possible to delete it (rather than just remove it from the template)? What is the BMP data value referring to - the Certificate Template Name extension?

    Many thanks