If you have multiple domain controllers, all certificate templates may not be replicated on all domain controllers, including read-only domain controllers.


Read-only domain controllers, introduced in Windows Server 2008, are domain controllers that host a read-only copy of the domain database.

You can, however, retrieve or modify certificate templates from a specific writable domain controller.

Membership in Domain Admins or Enterprise Admins, or equivalent for the domain, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.

To access certificate templates on a writable domain controller
  1. Open the Certificate Templates snap-in.

  2. In the console tree, right-click Certificate Templates, and then click Connect to another writable domain controller.

  3. Verify the domain name, and click OK.