Hello,
there are 2 templates that Microsoft has planned for this purpose:
Domain Controller
Domain Controller Authentication
You should be able to use one of both to reach your goal.
Best regards,
Setting up PKI in Configuration Manager
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 22%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJT%3C/text%3E%3C/svg%3E)
Jerry Trimmer
21
Reputation points
I am currently setting up PKI in my Endpoint Configuration Manager environment. Every article I read mentions checking Read, Enroll and AutoEnroll for Domain Computers uder the security tab of the client certificate. None how ever say anything about Domain Controllers. We manage our Domain Controllers just like we do any other client. Should I add Domain Controllers to the template or do something else?
Windows for business | Windows Server | User experience | Other
2 answers
Sort by: Most helpful
-
Limitless Technology 40,076 Reputation points2021-09-10T08:37:07.827+00:00 -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 59%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECT%3C/text%3E%3C/svg%3E)
Charles Thivierge 4,181 Reputation points2021-09-09T17:28:56.957+00:00 There is 2 templates for Domain Controllers
"Domain Controller"
"Domain Controller Authentication" --> SmartCardLogon authenticationYou should use one of this template for the DC's
hth