Powershell - Enroll SSL cert On Behalf Of

I created an Enrollment Agent certificate, and through the GUI I can install a certificate for another user. Now I want to automate this procedure using PowerShell.

In my local cert store, the Enrollment Agent certificate is installed (template name: Enrollment Agent) along with the certificate I want to issue to the other user (template name: GP).

```powershell
$PKCS10 = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
# cert template name I want to issue to the user (0x1 = user context)
$PKCS10.InitializeFromTemplateName(0x1,"GP")
$PKCS10.Encode()
# wrap the inner request in a PKCS#7 request made on behalf of the target user
$pkcs7 = New-Object -ComObject X509enrollment.CX509CertificateRequestPkcs7
$pkcs7.InitializeFromInnerRequest($pkcs10)
$pkcs7.RequesterName = "domain\some.user"
$signer = New-Object -ComObject X509Enrollment.CSignerCertificate
# below is the thumbprint of the certificate I want to issue (GP)
$signer.Initialize(0,0,0xc,"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
$pkcs7.SignerCertificate = $signer
$Request = New-Object -ComObject X509Enrollment.CX509Enrollment
$Request.InitializeFromRequest($pkcs7)
$Request.Enroll()
```

The last line fails with the error:

```
CertEnroll::CX509Enrollment::Enroll: Error Verifying Request Signature
or Signing Certificate  The certificate is not valid for the requested usage. 
0x800b0110 (-2146762480 CERT_E_WRONG_USAGE)
```
powershell
ssl-certificate
ca
asked on Stack Overflow Jul 29, 2020 by overflowed • edited Jul 29, 2020 by overflowed

1 Answer

Solved: I had to specify the Enrollment Agent thumbprint.

answered on Stack Overflow Jul 29, 2020 by overflowed
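
The fix from the answer, written out as an added example (not the poster's code): the signer is initialized with the Enrollment Agent certificate instead of the GP certificate, and the script first checks that the signing certificate carries the Certificate Request Agent EKU, the usage an on-behalf-of request signature must be valid for. The thumbprint is a placeholder and the variable names are this example's own; the template and requester names are the ones from the question.

```powershell
# Added example. Placeholder thumbprint; "GP" and the requester come from the question.
$agentThumbprint = '<ENROLLMENT-AGENT-CERT-THUMBPRINT>'
$requester       = 'domain\some.user'
$templateName    = 'GP'
$agentEkuOid     = '1.3.6.1.4.1.311.20.2.1'   # Certificate Request Agent

# Locate the signing certificate in the current user's store
$wanted = ($agentThumbprint -replace '\s', '')
$agent  = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $wanted }
if (-not $agent)               { throw "No certificate $wanted in CurrentUser\My" }
if (-not $agent.HasPrivateKey) { throw 'Signing certificate has no private key' }
if ($agent.NotAfter -lt (Get-Date)) { throw 'Signing certificate has expired' }

# Fail early, with a clear message, instead of hitting CERT_E_WRONG_USAGE at Enroll()
$ekuExt = $agent.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($ekus -notcontains $agentEkuOid) {
    throw "Certificate '$($agent.Subject)' lacks EKU $agentEkuOid and cannot sign on behalf of another user"
}

# Inner PKCS#10 request for the template to be issued (0x1 = user context)
$pkcs10 = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$pkcs10.InitializeFromTemplateName(0x1, $templateName)
$pkcs10.Encode()

# Outer PKCS#7 request naming the user the certificate is requested for
$pkcs7 = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs7
$pkcs7.InitializeFromInnerRequest($pkcs10)
$pkcs7.RequesterName = $requester

# Sign with the Enrollment Agent certificate, not the certificate being issued.
# Arguments: 0 = user store, 0 = no extra verification, 0xc = thumbprint as raw hex
$signer = New-Object -ComObject X509Enrollment.CSignerCertificate
$signer.Initialize(0, 0, 0xc, $agent.Thumbprint)
$pkcs7.SignerCertificate = $signer

$enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$enroll.InitializeFromRequest($pkcs7)
$enroll.Enroll()
```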

User contributions licensed under CC BY-SA 3.0