0

I successfully enabled auto-enrollment for client computer certificates within our Active Directory domain.

However, I want to include additional details in the auto-enrolled certificate such as the organizational unit (OU) the client computer is located in. I can do this just fine by manually creating an CSR and submitting it to our CA, however, I wan't to use auto-enrollment.

I can't, for the heck of it, find a way on how to include additional information in auto-enrolled certificates. Is there any way to do this?

lightxx
  • 197
  • 1
  • 2
  • 9

1 Answers1

1

In the certificate template editor (certtmpl.msc), switch to Subject tab and select Full distinguished name in the Subject Name Format dropdown list:

enter image description here

this will include full Active Directory DN for the specified client account.

Crypt32
  • 6,639
  • 1
  • 15
  • 33