PKI - Subject Name Format Followup
Brian K mentioned in a previous question that FIM 2010 could adjust the subject format of a user template by using a policy module. His exact words below:

You can definitely do this by deploying FIM 2010 CM. There are two plug-in policy modules that will assist you:

1) The Subject plug-in policy module allows you to define a variable string for subject name construction. For example, you could define a subject as CN={User!givenName} {User!sn},OU=Employees,O=Example Corporation,C=US. Note that this is a combination of variables from AD and static text. As long as there is an attribute in AD (direct such as displayName) or built (using first and last name as shown above), you can use this. In this case, the actual certificate template is set with the Subject Name as None, and the policy module plug-in injects the name into the Subject name before the certificate is issued.

2) The Subject Alternative Name (SAN) plug-in policy module allows you to define a variable string for SAN construction. For example, you could define a subject as CN={User!givenName} {User!sn},OU=Employees,O=Example Corporation,C=US. You can also define more than one SAN name for inclusion, and even configure the policy module to not include a SAN name format if the AD attribute is not populated.

___

We looked into FIM 2010 but we might not be able to justify the cost of ~$100,000 to address this issue with changing the subject name on our PKI user templates. The issue came about because our users use their employee number as their AD samaccountname and CN. We want to create a digital signature template that uses their given name and surname, so when they sign a document it doesn't show their employee number. Does anyone have any thoughts on how we can do this without purchasing FIM 2010 CM? That solution just seems too costly for this.

Thanks,
May 4th, 2010 4:53pm

Your only option here would be to configure the certificate template to have the request supply the subject name and then code your own web page/application that would generate the subject name in the desired format while it generates the request and submits it to the CA.

Paul Adare
CTO IdentIT Inc.
ILM MVP
May 4th, 2010 8:01pm
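
A sketch of the subject-building step such an application would need, added here as an example and not code from the thread or from any poster. Because a "supply in the request" template accepts whatever subject it is sent, the name is computed from the authenticated user's directory record rather than from user input, and values that could act as DN syntax are refused. The `DIRECTORY` dict, the allowlist policy and the template name `DigitalSignatureUser` are assumptions.

```python
import re

# Constructed stand-in for an AD lookup keyed by sAMAccountName (the employee number).
DIRECTORY = {
    "104233": {"givenName": "Jane", "sn": "Doe"},
    "104871": {"givenName": "Sean", "sn": "O'Brien"},
    "109999": {"givenName": "Eve", "sn": "Doe,OU=Admins"},
}

# Static suffix taken from the example DN quoted in the thread.
SUFFIX = "OU=Employees,O=Example Corporation,C=US"

# Assumed policy: letters, digits, underscore, space, apostrophe, period, hyphen.
# Anything that could act as DN or INF syntax (, + = " \ < > # ;) is refused.
_SAFE = re.compile(r"[\w '.\-]+")


def subject_for(sam_account_name, directory=DIRECTORY):
    """Build the subject DN from the directory record of the authenticated user."""
    entry = directory.get(sam_account_name)
    if entry is None:
        raise LookupError("no directory entry for " + sam_account_name)
    parts = []
    for attr in ("givenName", "sn"):
        value = entry.get(attr, "")
        if value != value.strip() or not _SAFE.fullmatch(value):
            raise ValueError(f"{attr} of {sam_account_name} needs manual review")
        parts.append(value)
    return "CN=" + " ".join(parts) + "," + SUFFIX


def certreq_inf(subject, template="DigitalSignatureUser"):
    """Render a certreq.exe request INF carrying the computed subject."""
    # KeySpec 2 is AT_SIGNATURE, KeyUsage 0x80 is digital signature; the
    # template name is a hypothetical placeholder.
    return "\n".join([
        "[Version]",
        'Signature = "$Windows NT$"',
        "",
        "[NewRequest]",
        f'Subject = "{subject}"',
        "KeyLength = 2048",
        "KeySpec = 2",
        "KeyUsage = 0x80",
        "RequestType = PKCS10",
        "",
        "[RequestAttributes]",
        f"CertificateTemplate = {template}",
    ])
```

The rendered text is what would be saved as an INF file and passed to `certreq -new` on the enrolling machine; a name that fails the check is held for manual handling instead of being rewritten.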

This topic is archived. No further replies will be accepted.
