Identity with Windows Server 2016 — Question 39

You have an enterprise certification authority (CA) named CA1. You have a certificate template named UserAutoEnroll that is based on the User certificate template. Domain users are configured to autoenroll for UserAutoEnroll.
A user named User1 has an email address defined in Active Directory. A user named User2 does not have an email address defined in Active Directory. You discover that User1 was issued a certificate based on UserAutoEnroll template automatically.
A request by user2 for a certificate based on the UserAutoEnroll template fails.
You need to ensure that all users can autoenroll for certificated based on the UserAutoEnroll template.
Which setting should you configure from the properties on the UserAutoEnroll certificate template?

Answer options

• A. Issuance Requirements
• B. Request Handling
• C. Cryptography
• D. Subject Name

Correct answer: D

Explanation

The correct answer is D, as configuring the Subject Name setting allows you to specify how the subject name is generated, which can include using user attributes such as email addresses. Since User2 lacks an email address, modifying this setting will enable the issuance of a certificate based on other attributes, thus allowing autoenrollment for all users. The other options do not address the need for proper subject name configuration for certificate issuance.