I have set up an Enterprise Certificate Server on Windows 2003 SP2. For users to create a certificate I have setup a template and everything seems to be working fine. We have another domain that someone else setup which is behaving differently though, I'm looking on more information on how to configure certain settings. Anyways when I open certtmpl.mms and edit my certificate there is a tab called Subject name with two options: 1. Generate the cert subject based on the users input 2. Populate the information from Active Directory using the common name. In both domains users requesting certificates do not exist in AD by their SMTP address. The application responsible for requesting the certificates submits the smtp address and a common name to the cert server. In domain 1, when this happens the subject name contains the common name and the smtp address. In domain 2, the subject name only contains the common name. The template is identical on both domains, the check mark box for add email address to subject is unchecked. I dont understand why they are behaving differently, realistically I think domain 2 is working the way it should, but i like the way domain 1 works better. I would just like to understand if this can be configured.. IE if the user can not be found in AD.. how should the cert be populated...

hi, Did you set up the ent CA in domain 1? if so, you need provide more information of CA in domain 2, like the CA server version, tier?