Table of Contents
Applies to Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012
Enterprise certification authority (CA) and Active Directory Domain Services (AD DS)
When a certificate template is defined, the definition of the certificate template must be available to all CAs in the forest. This is accomplished by storing the certificate template information in the Configuration naming context (CN=Configuration,DC=ForestRootName). Look at the following example that demonstrates how to view the stored certification templates in AD DS:
Note: In the following example, the "ForestRootName" is Contoso.local and I executed the adsiedit.msc MMC on a server with AD DS role installed.
The replication of this information depends on the Active Directory replication schedule, and the certificate template may not be available to all CAs until replication is completed. The storage and replication are accomplished automatically.