Instructs the certification authority to publish the issued certificate to the key recovery agent (KRA) container in Active Directory.
Instructs clients and servers to append the issued certificate to the userCertificate attribute on the user object in Active Directory.
Instructs clients to not automatically enroll a certificate based on this template if the userCertificate attribute on the user object in Active Directory already contains a valid certificate based on this template.
Instructs clients to automatically enroll a certificate that is based on this template.
Instructs clients to sign a certificate by using private keys whose public keys are contained in existing certificates.
Instructs the client to obtain user consent before attempting to enroll a certificate request based on this template.
Instructs the client to delete expired, revoked, or renewed certificates from the local certificate store.
Instructs the server to allow enroll-on-behalf-of (EOBO) functionality.
Instructs the server to not include revocation information in the issued certificate, adding instead an id-pkix-ocsp-nocheck extension that specifies that the certificate holder can be trusted for the life of the certificate.
Instructs the client to reuse a private key for a smart card based certificate renewal if a new private key cannot be created on the card.
Instructs the server to not include revocation information in the issued certificate.
Instructs the server to include the Basic Constraints extension in the issued certificate.