How to re-install the default certificate templates?
Published Jan 24 2020 01:41 PM 4,525 Views

First published on TECHNET on Aug 06, 2007

When you launch the certificate templates MMC snap-in (certtmpl.msc) for the first time, the certificate templates are installed automatically in the background. Installing the templates is independent of the availability of an enterprise CA. Enterprise Administrator permissions are required to successfully install the templates.


That's nice and convenient but what happens if you accidentally deleted the template objects from Active Directory? The templates can be viewed and also deleted (with appropriate permissions) through the Active Directory Sites and Services MMC snap-in (dssites.msc) or any other LDAP client can be used.







So, what to do if the templates or the OID container have disappeared? With a single command-line, you can get them back. As prerequisite to install the certificate templates you must have create child access to the template container in Active Directory which is the default setting for an enterprise administrator.




If you are running Windows Server 2003, use the following command with enterprise administrator permissions:




regsvr32 /i:i /n certcli.dll




If you have Windows Vista or Windows Server 2008 already in place, certutil.exe understands a new verb to re-install the templates. Certutil is included in all Windows Vista SKUs by default.




certutil -installdefaulttemplates




After performing one of the above commands you must restart the CA service.




The following two knowledgebase articles describe scenarios where re-installation of certificate templates can make sense:




Version history
Last update:
‎Feb 20 2020 02:42 PM
Updated by: