1
00:00:02,340 --> 00:00:06,590
The last certificate template I want to talk about in this course is the DC,

2
00:00:06,590 --> 00:00:09,540
or domain controller, certificate template.

3
00:00:09,540 --> 00:00:12,780
This certificate is crucial, and it's a device certificate,

4
00:00:12,780 --> 00:00:15,960
so it's enrolled to servers, in this case.

5
00:00:15,960 --> 00:00:19,630
And the requirements for this one, in terms of EKUs,

6
00:00:19,630 --> 00:00:22,940
are the Client Authentication, Server Authentication,

7
00:00:22,940 --> 00:00:26,200
Smart Card Logon, and KDC Authentication.

8
00:00:26,200 --> 00:00:27,630
Obviously that's a lot.

9
00:00:27,630 --> 00:00:29,380
Don't worry, there's a template we're going to use.

10
00:00:29,380 --> 00:00:31,070
If you've come along this far,

11
00:00:31,070 --> 00:00:35,040
you'll know it's fairly simple and straightforward to deploy these templates.

12
00:00:35,040 --> 00:00:37,770
The subject name needs to be the server name,

13
00:00:37,770 --> 00:00:40,820
and the certificate needs to be deployed to all of

14
00:00:40,820 --> 00:00:44,940
your domain controllers; however, it's important to understand,

15
00:00:44,940 --> 00:00:48,830
this certificate may already exist in your environment.

16
00:00:48,830 --> 00:00:50,860
So, it's absolutely required,

17
00:00:50,860 --> 00:00:54,390
but the steps that we're going to take here may or may not

18
00:00:54,390 --> 00:00:57,360
be required in your specific environment.

19
00:00:57,360 --> 00:01:07,000
So, let's get to creating a certificate template for the domain controller, and I'll talk about those things in a little bit more detail.