I need to be able to auto-enroll a huge number of users using Microsoft AD CS. I have create a certificate template that these users are able to auto-enroll with.
I now need to create the requests and accept the certificates automatically, without UI interaction.
My first thought was to use certreq with -q option to suppress interaction:
certreq -enroll -user -q -PolicyServer "ldap://" "TemplateName"
The server then answers :
The request subject name is invalid or too long (0x80094001)
I think that the -q option enabled the use of default values, some of which might be empty.
Is there any way to provide certreq for additional information (e.g. CN, SAN DNS...) while using an AD CS certificate template in command-line enroll?
User contributions licensed under CC BY-SA 3.0