Create a new object identifier

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To create a new object identifier

Open Certificate Templates
In the details pane, right-click the certificate template that you want to change, and then click Properties.
On the Extensions tab, click Application Policies and then click Edit.
In Edit Application Policies Extension, click Add.
In Add Application Policy, click New.
Provide the requested information.

Notes

To perform this procedure, you must be a member of the Enterprise Admins group or the root domain's Domain Admins group in Active Directory. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
To open Certificate Templates, click Start, click Run, type certtmpl.msc, and then press Enter.
This procedure is applicable to version 2 templates. For more information about version 2 templates, see Related Topics.
Object identifiers must be unique within the enterprise.
Clients must be re-enrolled to receive a certificate based on the changed template if they already have a valid certificate based on the old template. For more information about re-enrolling clients, see Related Topics.

Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.