Certificate templates deployment

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Certificate templates deployment

When deploying a Windows Server 2003 family enterprise certification authority (CA), certificate templates are stored in Active Directory. This centralizes the location for use by all CAs in the enterprise, as well as simplifies replication and security management. This also allows the CA to upgrade current certificate templates in Active Directory during installation. Note that this requires the root domain's Domain Admins group to have full control access to all certificate templates or for this access to have been granted to another user or group.

Once you have planned and created the appropriate certificate templates, they will be replicated automatically to all domain controllers in the enterprise. This replication normally takes approximately eight hours to complete. Because of this interval, you should create the certificate template and allow it to replicate before deploying it to clients. This is best accomplished during an idle time in your environment. Configuring and using certificates before replication is completed can have unwanted effects.