Good morning, all!
I'm almost finished migrating from an old 2008 R2 CA to a new two-tier infrastructure CA on Server 2019. I have some service user accounts that are being rejected at the CA because they don't have an email address. These are shared, service-type accounts that have severely limited rights.
Can I insert a fake email into the account? The user would never send or receive email, so it's just a place holder. If that would satisfy the issuing CA and clear the rejected certificates so I can easily isolate genuine problems, that's the idea. I'm also looking into moving these accounts into a separate OU but they don't necessarily share the same characteristics, so it would take some fancy engineering and testing on a production account.
Thanks to all for looking!