When you upgrade a certification authority (CA), you may need to update the Active Directory schema to support new certificate template attributes. For more information about updating the Active Directory schema with Adprep.exe, see the Command Line Reference (
In addition, you need to upgrade the certificate templates to include and configure these attributes. Upgrading the certificate templates applies the proper security permissions on the existing certificate templates and installs any new certificate templates that are available.
If you do not perform this procedure before upgrading your CAs to Windows Server 2008 R2, you will be prompted when opening the Certificate Templates snap-in. If this procedure has already been performed in your enterprise, you will not receive a prompt when you open Certificate Templates.
Membership in Domain Admins, or equivalent, is the minimum required to complete this procedure.
To install new templates and upgrade existing templates |
Open the Certificate Templates snap-in.
When prompted to install new certificate templates, click OK.
Additional considerations
-
After a CA has been upgraded and certificate templates have been installed, you can create new version 2 or version 3 copies of any certificate template in the domain. For more information, see Create a New Certificate Template.