Windows – How to get an OID for a certificate template


I'm using C# (or VBScript) to issue a certificate from an Enterprise CA.

According to this answer, I need to specify the OID instead of the certificate name, and place it in an unexpected portion of code. (IMHO I should place it where the null string is)

I'm looking at certificate manager, templates, et al., and can't locate the OID I should be using. Have any suggestions?

Best Answer

Certificate Templates are stored in the Configuration partition of Active Directory.

For instance, if your Certificate Template is named "Smartcard," then its DN would be:

CN=Smartcard,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com

The msPKI-Cert-Template-OID attribute of that object contains the OID you seek.

Edit: Here's some PowerShell:

PS C:\Users\Ryan> Get-ADObject 'CN=Smartcard,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com' -Properties msPKI-Cert-Template-OID


DistinguishedName       : CN=Smartcard,CN=Certificate Templates,CN=Public Key
                          Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com
msPKI-Cert-Template-OID : 1.3.6.1.4.1.311.21.8.13882702.11110958.1330334.1890290.2281445.541.2.14
Name                    : Smartcard
ObjectClass             : pKICertificateTemplate
ObjectGUID              : 1cd4698d-56fe-4d4b-8005-f89a76d24ae1
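
The lookup described in the answer, generalized as an added example (not part of the original answer): it reads the Configuration partition DN from RootDSE instead of hard-coding the Contoso DN, and accepts either the template CN or its display name. The function name Get-CertTemplateOid is hypothetical; the code assumes the RSAT ActiveDirectory module and a domain-joined session.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper: resolve a certificate template name to its OID.
function Get-CertTemplateOid {
    [CmdletBinding()]
    param(
        # Template CN (e.g. "Smartcard") or its display name.
        [Parameter(Mandatory)][string]$Name
    )

    # Escape RFC 4515 filter metacharacters so the name is matched literally.
    # The backslash must be replaced first.
    $escaped = $Name
    foreach ($pair in @(@('\', '\5c'), @('*', '\2a'), @('(', '\28'), @(')', '\29'), @("`0", '\00'))) {
        $escaped = $escaped.Replace($pair[0], $pair[1])
    }

    # Ask the directory for the Configuration partition instead of hard-coding it.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $query = @{
        SearchBase  = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"
        SearchScope = 'OneLevel'
        LDAPFilter  = "(&(objectClass=pKICertificateTemplate)(|(cn=$escaped)(displayName=$escaped)))"
        Properties  = 'displayName', 'msPKI-Cert-Template-OID'
    }
    $found = @(Get-ADObject @query)

    if ($found.Count -eq 0) {
        throw "No certificate template named '$Name' under $($query.SearchBase)"
    }
    if ($found.Count -gt 1) {
        throw "Name '$Name' matches several templates: $($found.Name -join ', ')"
    }

    $oid = $found[0].'msPKI-Cert-Template-OID'
    if ([string]::IsNullOrEmpty($oid)) {
        throw "Template '$($found[0].Name)' has no msPKI-Cert-Template-OID value"
    }

    [pscustomobject]@{
        Name        = $found[0].Name
        DisplayName = $found[0].displayName
        Oid         = $oid
    }
}

Get-CertTemplateOid -Name 'Smartcard'
```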