Certificate templates and Active Directory

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Certificate templates and Active Directory

A Windows Server 2003 family certification authority can be installed as an enterprise server or a stand-alone server. When installed as an enterprise server, the certification authority is integrated into Active Directory. This allows the version 2 certificate templates to be replicated to all other enterprise certification authorities via the normal Active Directory replication process.

Certificate templates must be available from all certification authorities in the enterprise simultaneously in order to work correctly. As a result, creation or change of a certificate template must replicate completely before that certificate template can be used. This replication can take up to eight hours to complete, depending on your Active Directory implementation. Configuring and using certificates before replication is completed can have unwanted effects.