Active Directory Certificate Services Frequently Asked Questions - needs your help!

NoMoePwds · ‎Jan 24 2020

First published on TECHNET on Aug 08, 2011

If you have commonly asked questions about certificate services or PKI that you think should be listed in the Active Directory Certificate Services Frequently Asked Questions (AD CS FAQ ) list, I encourage you to submit them to the TechNet Wiki posting http://social.technet.microsoft.com/wiki/contents/articles/ad-cs-faq.aspx . Don't worry about the formatting, I can clean that up, if needed. Also, if you would rather have me add something for you, feel free to just reply to this blog. Thank you!

Ricoli610 · ‎Mar 30 2020

@NoMoePwds

This may not be a frequently asked question but hoping someone can answer it.

In trying to figure out what I needed to do to ensure a new certificate template had an extension with the BMP data value "DomainController" I incorrectly added a new EKU named "DomainController" with the OID value 1.3.6.1.4.1.311.20.2 (in a test environment).

Certificate Templates Console -> Duplicate template -> Extensions tab -> Application Policies -> new EKU added via Edit Application Policies Extension window.

Is it possible to delete it (rather than just remove it from the template)? What is the BMP data value referring to - the Certificate Template Name extension?

Many thanks

NoMoePwds · ‎Apr 28 2020

I have never dealt with this. I simply use one of the existing Domain Controller templates to create new ones. Mainly the Kerberos Authentication template now days. I've never had any issues where I had to validate this setting and it is only present in the article leveraging 3rd party certificates for CA's.

Ricoli610 · ‎Apr 28 2020

@NoMoePwdsMany thanks

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Active Directory Certificate Services Frequently Asked Questions - needs your help!