1. domain controll certificate template does not has autoenrollment option. 2. what do you mean by server specific certificate? provide more info about the server certificate for server 2008.

Both Windows 2003 and Windows Server 2008 R2 support autoenrollment of certificates. The default "Domain Controller Authentication" certificate template allows autoenrollment by members of the Domain Controllers group You will need to enable Autoenrollment in the Default Domain Controllers GPO Computer Configuration | Policies | Windows Settings | Security Settings | Public Key Policy Settings Certificate Services Client - Auto-Enrollment In this GPO setting, enable the two following check boxes: - Renew expired certificates, update pending certificates, and remove revoked certificates - Update certificates that use certificate templates When you apply the GPO to all DCs, they will go and automatically enroll the Domain Controller Authentication certificates. The same certificate template is used for both 2k3 and 2k8R2 Brian

Hi Folks, I have two domain controllers: 2003 and 2008r2. The 2008r2 is configured with the role AD Certificate Services. I have created a domain controller certificate and a server certificate for the 2008 machine. I seek to do the same for the 2003 machine. The Domain Controller certificate already exists and as a domain controller the 2003 server has access and can present it. However, there is no server certificate for him. So I have a few questions: 1) Can the "auto-enrollment" feature auto-enroll the 2003 server as a domain controller? 2) Do I need to create a server specific certificate for the 2003 server? 3) How do I test all of this stuff? Thanks for the help, Chris.