Welcome to my nightmare... Inherited a 2003 AD network. As part of the complete overhaul of the forest and domain, I have been tasked with installing and getting ConfigMgr 2007 up and running. No worries there, until we get to the Certificate/PKI portion of the program. Get the Root CA server installed on an Win2k8 R2 Enterprise server. As I'm getting all of the other configuration completed, I find out that there was a previous server that was set as the Root CA. That previous Root CA was removed previously without the previous AD CS services gracefully uninstalled. Now from what I have been able to glean previously, the Type 1 certificate templates were added from this original CA Root server as a part of a Win2k3 install. When I enter the Certificate Template snap-in, I get the message "Windows has detected that new certificate templates should be installed. Do you want to install them?" If I say yes, it continues, and then reports that "Windows successfully installed the new certificate templates." (It will do this EVERY time that I start the Certificate Template snap-in.) Once in the Certificate Template Snap-In, I see that there are several of the "Standard" templates that are showing Windows 2000, thus, by my understanding, the Type 1 templates. However, if I attempt to duplicate any of these Win2k templates, I get "Windows cannot save the changes to the <name> certificate template. Element not found." This is obviously problematic, as I have to create a duplicate of the Computer Template for the installation of ConfigMgr 2007. Finally, the question: Is there a way to "manually" install the templates that it appears the 2008 version of AD CS is attempting to update in the AD? (Or, at the very least, get the templates that are installed to be able to be duplicated?) Many thanks ahead of time.

On Fri, 13 May 2011 23:56:00 +0000, Midnitelouie wrote: Is there a way to "manually" install the templates that it appears the 2008 version of AD CS is attempting to update in the AD?? (Or, at the very least, get the templates that are installed to be able to be duplicated?) Try: certutil -installdefaulttemplates Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca God is real, unless declared integer.

OK, after running this command, I get: "CertUtil -InstallDefaultTemplates command completed successfully." Unfortunately, there's no change in the templates. Investigating further, I additionally ran the "CertUtil -dc <name of one of our DCs> -InstallDefaultTemplates", which gave the same result message, and the same results. No change.