If you have multiple domain controllers, all certificate templates may not be replicated on all domain controllers, including read-only domain controllers.
Read-only domain controllers, introduced in Windows Server 2008, are domain controllers that host a read-only copy of the domain database.
You can, however, retrieve or modify certificate templates from a specific writable domain controller.
Membership in Domain Admins or Enterprise Admins, or equivalent for the domain, is the minimum required to complete this procedure. For more information, see Implement Role-Based Administration.
|To access certificate templates on a writable domain controller|
Open the Certificate Templates snap-in.
In the console tree, right-click Certificate Templates, and then click Connect to another writable domain controller.
Verify the domain name, and click OK.