PKI-Certificate-Template class

Article
12/14/2020

Contains information for certificates issued by Certificate Server.

Entry	Value
CN	PKI-Certificate-Template
Ldap-Display-Name	pKICertificateTemplate
Update Privilege	-
Update Frequency	-
Schema-Id-Guid	e5209ca2-3bba-11d2-90cc-00c04fd91ab1

Implementations

Windows 2000 Server
Windows Server 2003
Windows Server 2003 R2
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012

Entry	Value
System-Only	False
Object-Category	1
Default-Object-Category	-
Governs-Id	1.2.840.113556.1.5.177
Default-Hiding-Value	1
Rdn-Att-Id	Common-Name
Subclass of	Top
Possible Superiors	Container
Auxiliary Classes	-
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags	0x00000010

Windows 2000 Server Attributes

This class contains the following attributes for Windows 2000 Server:

Attribute	Mandatory	Derived from
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Bridgehead-Server-List-BL	False	Top
Canonical-Name	False	Top
Common-Name	False	Top
Create-Time-Stamp	False	Top
Description	False	Top
Display-Name	False	PKI-Certificate-Template Top
Display-Name-Printable	False	Top
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Extension-Name	False	Top
Flags	False	PKI-Certificate-Template Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Instance-Type	True	Top
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Last-Known-Parent	False	Top
Managed-Objects	False	Top
Mastered-By	False	Top
Modify-Time-Stamp	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
netboot-SCP-BL	False	Top
Non-Security-Member-BL	False	Top
NT-Security-Descriptor	True	Top
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Version	False	Top
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
PKI-Critical-Extensions	False	PKI-Certificate-Template
PKI-Default-CSPs	False	PKI-Certificate-Template
PKI-Default-Key-Spec	False	PKI-Certificate-Template
PKI-Enrollment-Access	False	PKI-Certificate-Template
PKI-Expiration-Period	False	PKI-Certificate-Template
PKI-Extended-Key-Usage	False	PKI-Certificate-Template
PKI-Key-Usage	False	PKI-Certificate-Template
PKI-Max-Issuing-Depth	False	PKI-Certificate-Template
PKI-Overlap-Period	False	PKI-Certificate-Template
Possible-Inferiors	False	Top
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Query-Policy-BL	False	Top
RDN	False	Top
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
SD-Rights-Effective	False	Top
Server-Reference-BL	False	Top
Show-In-Advanced-View-Only	False	Top
Site-Object-BL	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
System-Flags	False	Top
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top

Windows 2000 Server Extended Rights

This class contains the following extended rights for Windows 2000 Server:

Common Name
Certificate-Enrollment

Windows Server 2003

Attributes
Extended Rights

Entry	Value
System-Only	False
Object-Category	1
Default-Object-Category	-
Governs-Id	1.2.840.113556.1.5.177
Default-Hiding-Value	1
Rdn-Att-Id	Common-Name
Subclass of	Top
Possible Superiors	Container
Auxiliary Classes	-
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags	0x00000010

Windows Server 2003 Attributes

This class contains the following attributes for Windows Server 2003:

Attribute	Mandatory	Derived from
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Bridgehead-Server-List-BL	False	Top
Canonical-Name	False	Top
Common-Name	False	Top
Create-Time-Stamp	False	Top
Description	False	Top
Display-Name	False	PKI-Certificate-Template Top
Display-Name-Printable	False	Top
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Extension-Name	False	Top
Flags	False	PKI-Certificate-Template Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Instance-Type	True	Top
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Last-Known-Parent	False	Top
Managed-Objects	False	Top
Mastered-By	False	Top
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-DS-Approx-Immed-Subordinates	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-Exch-Owner-BL	False	Top
ms-PKI-Certificate-Application-Policy	False	PKI-Certificate-Template
ms-PKI-Certificate-Name-Flag	False	PKI-Certificate-Template
ms-PKI-Certificate-Policy	False	PKI-Certificate-Template
ms-PKI-Cert-Template-OID	False	PKI-Certificate-Template
ms-PKI-Enrollment-Flag	False	PKI-Certificate-Template
ms-PKI-Minimal-Key-Size	False	PKI-Certificate-Template
ms-PKI-Private-Key-Flag	False	PKI-Certificate-Template
ms-PKI-RA-Application-Policies	False	PKI-Certificate-Template
ms-PKI-RA-Policies	False	PKI-Certificate-Template
ms-PKI-RA-Signature	False	PKI-Certificate-Template
ms-PKI-Supersede-Templates	False	PKI-Certificate-Template
ms-PKI-Template-Minor-Revision	False	PKI-Certificate-Template
ms-PKI-Template-Schema-Version	False	PKI-Certificate-Template
netboot-SCP-BL	False	Top
Non-Security-Member-BL	False	Top
NT-Security-Descriptor	True	Top
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Version	False	Top
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
PKI-Critical-Extensions	False	PKI-Certificate-Template
PKI-Default-CSPs	False	PKI-Certificate-Template
PKI-Default-Key-Spec	False	PKI-Certificate-Template
PKI-Enrollment-Access	False	PKI-Certificate-Template
PKI-Expiration-Period	False	PKI-Certificate-Template
PKI-Extended-Key-Usage	False	PKI-Certificate-Template
PKI-Key-Usage	False	PKI-Certificate-Template
PKI-Max-Issuing-Depth	False	PKI-Certificate-Template
PKI-Overlap-Period	False	PKI-Certificate-Template
Possible-Inferiors	False	Top
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Query-Policy-BL	False	Top
RDN	False	Top
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
SD-Rights-Effective	False	Top
Server-Reference-BL	False	Top
Show-In-Advanced-View-Only	False	Top
Site-Object-BL	False	Top
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
System-Flags	False	Top
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top

Windows Server 2003 Extended Rights

This class contains the following extended rights for Windows Server 2003:

Common Name
Certificate-Enrollment

Windows Server 2003 R2

Attributes
Extended Rights

Entry	Value
System-Only	False
Object-Category	1
Default-Object-Category	-
Governs-Id	1.2.840.113556.1.5.177
Default-Hiding-Value	1
Rdn-Att-Id	Common-Name
Subclass of	Top
Possible Superiors	Container
Auxiliary Classes	-
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags	0x00000010

Windows Server 2003 R2 Attributes

This class contains the following attributes for Windows Server 2003 R2:

Attribute	Mandatory	Derived from
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Bridgehead-Server-List-BL	False	Top
Canonical-Name	False	Top
Common-Name	False	Top
Create-Time-Stamp	False	Top
Description	False	Top
Display-Name	False	PKI-Certificate-Template Top
Display-Name-Printable	False	Top
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Extension-Name	False	Top
Flags	False	PKI-Certificate-Template Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Instance-Type	True	Top
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Last-Known-Parent	False	Top
Managed-Objects	False	Top
Mastered-By	False	Top
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
ms-DS-Approx-Immed-Subordinates	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-Exch-Owner-BL	False	Top
ms-PKI-Certificate-Application-Policy	False	PKI-Certificate-Template
ms-PKI-Certificate-Name-Flag	False	PKI-Certificate-Template
ms-PKI-Certificate-Policy	False	PKI-Certificate-Template
ms-PKI-Cert-Template-OID	False	PKI-Certificate-Template
ms-PKI-Enrollment-Flag	False	PKI-Certificate-Template
ms-PKI-Minimal-Key-Size	False	PKI-Certificate-Template
ms-PKI-Private-Key-Flag	False	PKI-Certificate-Template
ms-PKI-RA-Application-Policies	False	PKI-Certificate-Template
ms-PKI-RA-Policies	False	PKI-Certificate-Template
ms-PKI-RA-Signature	False	PKI-Certificate-Template
ms-PKI-Supersede-Templates	False	PKI-Certificate-Template
ms-PKI-Template-Minor-Revision	False	PKI-Certificate-Template
ms-PKI-Template-Schema-Version	False	PKI-Certificate-Template
msSFU-30-Posix-Member-Of	False	Top
netboot-SCP-BL	False	Top
Non-Security-Member-BL	False	Top
NT-Security-Descriptor	True	Top
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Version	False	Top
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
PKI-Critical-Extensions	False	PKI-Certificate-Template
PKI-Default-CSPs	False	PKI-Certificate-Template
PKI-Default-Key-Spec	False	PKI-Certificate-Template
PKI-Enrollment-Access	False	PKI-Certificate-Template
PKI-Expiration-Period	False	PKI-Certificate-Template
PKI-Extended-Key-Usage	False	PKI-Certificate-Template
PKI-Key-Usage	False	PKI-Certificate-Template
PKI-Max-Issuing-Depth	False	PKI-Certificate-Template
PKI-Overlap-Period	False	PKI-Certificate-Template
Possible-Inferiors	False	Top
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Query-Policy-BL	False	Top
RDN	False	Top
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
SD-Rights-Effective	False	Top
Server-Reference-BL	False	Top
Show-In-Advanced-View-Only	False	Top
Site-Object-BL	False	Top
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
System-Flags	False	Top
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top

Windows Server 2003 R2 Extended Rights

This class contains the following extended rights for Windows Server 2003 R2:

Common Name
Certificate-Enrollment

Windows Server 2008

Attributes
Extended Rights

Entry	Value
System-Only	False
Object-Category	1
Default-Object-Category	-
Governs-Id	1.2.840.113556.1.5.177
Default-Hiding-Value	1
Rdn-Att-Id	Common-Name
Subclass of	Top
Possible Superiors	Container
Auxiliary Classes	-
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags	0x00000010

Windows Server 2008 Attributes

This class contains the following attributes for Windows Server 2008:

Attribute	Mandatory	Derived from
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Bridgehead-Server-List-BL	False	Top
Canonical-Name	False	Top
Common-Name	False	Top
Create-Time-Stamp	False	Top
Description	False	Top
Display-Name	False	PKI-Certificate-Template Top
Display-Name-Printable	False	Top
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Extension-Name	False	Top
Flags	False	PKI-Certificate-Template Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Instance-Type	True	Top
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Last-Known-Parent	False	Top
Managed-Objects	False	Top
Mastered-By	False	Top
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
ms-DS-Approx-Immed-Subordinates	False	Top
ms-DS-AuthenticatedTo-Accountlist	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
ms-DS-Is-Domain-For	False	Top
ms-DS-Is-Full-Replica-For	False	Top
ms-DS-Is-Partial-Replica-For	False	Top
ms-DS-KrbTgt-Link-BL	False	Top
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-NC-RO-Replica-Locations-BL	False	Top
ms-DS-NC-Type	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Principal-Name	False	Top
ms-DS-PSO-Applied	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Revealed-DSAs	False	Top
ms-DS-Revealed-List-BL	False	Top
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-Exch-Owner-BL	False	Top
ms-PKI-Certificate-Application-Policy	False	PKI-Certificate-Template
ms-PKI-Certificate-Name-Flag	False	PKI-Certificate-Template
ms-PKI-Certificate-Policy	False	PKI-Certificate-Template
ms-PKI-Cert-Template-OID	False	PKI-Certificate-Template
ms-PKI-Enrollment-Flag	False	PKI-Certificate-Template
ms-PKI-Minimal-Key-Size	False	PKI-Certificate-Template
ms-PKI-Private-Key-Flag	False	PKI-Certificate-Template
ms-PKI-RA-Application-Policies	False	PKI-Certificate-Template
ms-PKI-RA-Policies	False	PKI-Certificate-Template
ms-PKI-RA-Signature	False	PKI-Certificate-Template
ms-PKI-Supersede-Templates	False	PKI-Certificate-Template
ms-PKI-Template-Minor-Revision	False	PKI-Certificate-Template
ms-PKI-Template-Schema-Version	False	PKI-Certificate-Template
msSFU-30-Posix-Member-Of	False	Top
netboot-SCP-BL	False	Top
Non-Security-Member-BL	False	Top
NT-Security-Descriptor	True	Top
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Version	False	Top
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
PKI-Critical-Extensions	False	PKI-Certificate-Template
PKI-Default-CSPs	False	PKI-Certificate-Template
PKI-Default-Key-Spec	False	PKI-Certificate-Template
PKI-Enrollment-Access	False	PKI-Certificate-Template
PKI-Expiration-Period	False	PKI-Certificate-Template
PKI-Extended-Key-Usage	False	PKI-Certificate-Template
PKI-Key-Usage	False	PKI-Certificate-Template
PKI-Max-Issuing-Depth	False	PKI-Certificate-Template
PKI-Overlap-Period	False	PKI-Certificate-Template
Possible-Inferiors	False	Top
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Query-Policy-BL	False	Top
RDN	False	Top
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
SD-Rights-Effective	False	Top
Server-Reference-BL	False	Top
Show-In-Advanced-View-Only	False	Top
Site-Object-BL	False	Top
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
System-Flags	False	Top
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top

Windows Server 2008 Extended Rights

This class contains the following extended rights for Windows Server 2008:

Common Name
Certificate-Enrollment

Windows Server 2008 R2

Attributes
Extended Rights

Entry	Value
System-Only	False
Object-Category	1
Default-Object-Category	-
Governs-Id	1.2.840.113556.1.5.177
Default-Hiding-Value	1
Rdn-Att-Id	Common-Name
Subclass of	Top
Possible Superiors	Container
Auxiliary Classes	-
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags	0x00000010

Windows Server 2008 R2 Attributes

This class contains the following attributes for Windows Server 2008 R2:

Attribute	Mandatory	Derived from
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Bridgehead-Server-List-BL	False	Top
Canonical-Name	False	Top
Common-Name	False	Top
Create-Time-Stamp	False	Top
Description	False	Top
Display-Name	False	PKI-Certificate-Template Top
Display-Name-Printable	False	Top
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Extension-Name	False	Top
Flags	False	PKI-Certificate-Template Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Instance-Type	True	Top
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Is-Recycled	False	Top
Last-Known-Parent	False	Top
Managed-Objects	False	Top
Mastered-By	False	Top
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
ms-DS-Approx-Immed-Subordinates	False	Top
ms-DS-AuthenticatedTo-Accountlist	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
ms-DS-Enabled-Feature-BL	False	Top
ms-DS-Host-Service-Account-BL	False	Top
ms-DS-Is-Domain-For	False	Top
ms-DS-Is-Full-Replica-For	False	Top
ms-DS-Is-Partial-Replica-For	False	Top
ms-DS-KrbTgt-Link-BL	False	Top
ms-DS-Last-Known-RDN	False	Top
ms-DS-local-Effective-Deletion-Time	False	Top
ms-DS-local-Effective-Recycle-Time	False	Top
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-NC-RO-Replica-Locations-BL	False	Top
ms-DS-NC-Type	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-OIDToGroup-Link-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Principal-Name	False	Top
ms-DS-PSO-Applied	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Revealed-DSAs	False	Top
ms-DS-Revealed-List-BL	False	Top
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-Exch-Owner-BL	False	Top
ms-PKI-Certificate-Application-Policy	False	PKI-Certificate-Template
ms-PKI-Certificate-Name-Flag	False	PKI-Certificate-Template
ms-PKI-Certificate-Policy	False	PKI-Certificate-Template
ms-PKI-Cert-Template-OID	False	PKI-Certificate-Template
ms-PKI-Enrollment-Flag	False	PKI-Certificate-Template
ms-PKI-Minimal-Key-Size	False	PKI-Certificate-Template
ms-PKI-Private-Key-Flag	False	PKI-Certificate-Template
ms-PKI-RA-Application-Policies	False	PKI-Certificate-Template
ms-PKI-RA-Policies	False	PKI-Certificate-Template
ms-PKI-RA-Signature	False	PKI-Certificate-Template
ms-PKI-Supersede-Templates	False	PKI-Certificate-Template
ms-PKI-Template-Minor-Revision	False	PKI-Certificate-Template
ms-PKI-Template-Schema-Version	False	PKI-Certificate-Template
msSFU-30-Posix-Member-Of	False	Top
netboot-SCP-BL	False	Top
Non-Security-Member-BL	False	Top
NT-Security-Descriptor	True	Top
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Version	False	Top
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
PKI-Critical-Extensions	False	PKI-Certificate-Template
PKI-Default-CSPs	False	PKI-Certificate-Template
PKI-Default-Key-Spec	False	PKI-Certificate-Template
PKI-Enrollment-Access	False	PKI-Certificate-Template
PKI-Expiration-Period	False	PKI-Certificate-Template
PKI-Extended-Key-Usage	False	PKI-Certificate-Template
PKI-Key-Usage	False	PKI-Certificate-Template
PKI-Max-Issuing-Depth	False	PKI-Certificate-Template
PKI-Overlap-Period	False	PKI-Certificate-Template
Possible-Inferiors	False	Top
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Query-Policy-BL	False	Top
RDN	False	Top
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
SD-Rights-Effective	False	Top
Server-Reference-BL	False	Top
Show-In-Advanced-View-Only	False	Top
Site-Object-BL	False	Top
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
System-Flags	False	Top
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top

Windows Server 2008 R2 Extended Rights

This class contains the following extended rights for Windows Server 2008 R2:

Common Name
Certificate-Enrollment

Windows Server 2012

Attributes
Extended Rights

Entry	Value
System-Only	False
Object-Category	1
Default-Object-Category	-
Governs-Id	1.2.840.113556.1.5.177
Default-Hiding-Value	1
Rdn-Att-Id	Common-Name
Subclass of	Top
Possible Superiors	Container
Auxiliary Classes	-
NT-Security-Descriptor	O:BAG:BAD:S:
Default Security Descriptor	D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
System-Flags	0x00000010

Windows Server 2012 Attributes

This class contains the following attributes for Windows Server 2012:

Attribute	Mandatory	Derived from
Admin-Description	False	Top
Admin-Display-Name	False	Top
Allowed-Attributes	False	Top
Allowed-Attributes-Effective	False	Top
Allowed-Child-Classes	False	Top
Allowed-Child-Classes-Effective	False	Top
Bridgehead-Server-List-BL	False	Top
Canonical-Name	False	Top
Common-Name	False	Top
Create-Time-Stamp	False	Top
Description	False	Top
Display-Name	False	PKI-Certificate-Template Top
Display-Name-Printable	False	Top
DSA-Signature	False	Top
DS-Core-Propagation-Data	False	Top
Extension-Name	False	Top
Flags	False	PKI-Certificate-Template Top
From-Entry	False	Top
Frs-Computer-Reference-BL	False	Top
FRS-Member-Reference-BL	False	Top
FSMO-Role-Owner	False	Top
Instance-Type	True	Top
Is-Critical-System-Object	False	Top
Is-Deleted	False	Top
Is-Member-Of-DL	False	Top
Is-Privilege-Holder	False	Top
Is-Recycled	False	Top
Last-Known-Parent	False	Top
Managed-Objects	False	Top
Mastered-By	False	Top
Modify-Time-Stamp	False	Top
ms-COM-PartitionSetLink	False	Top
ms-COM-UserLink	False	Top
ms-DFSR-ComputerReferenceBL	False	Top
ms-DFSR-MemberReferenceBL	False	Top
ms-DS-Approx-Immed-Subordinates	False	Top
ms-DS-AuthenticatedTo-Accountlist	False	Top
ms-DS-Claim-Shares-Possible-Values-With-BL	False	Top
MS-DS-Consistency-Child-Count	False	Top
MS-DS-Consistency-Guid	False	Top
ms-DS-Enabled-Feature-BL	False	Top
ms-DS-Host-Service-Account-BL	False	Top
ms-DS-Is-Domain-For	False	Top
ms-DS-Is-Full-Replica-For	False	Top
ms-DS-Is-Partial-Replica-For	False	Top
ms-DS-Is-Primary-Computer-For	False	Top
ms-DS-KrbTgt-Link-BL	False	Top
ms-DS-Last-Known-RDN	False	Top
ms-DS-local-Effective-Deletion-Time	False	Top
ms-DS-local-Effective-Recycle-Time	False	Top
ms-DS-Mastered-By	False	Top
ms-DS-Members-For-Az-Role-BL	False	Top
ms-DS-Members-Of-Resource-Property-List-BL	False	Top
ms-DS-NC-Repl-Cursors	False	Top
ms-DS-NC-Repl-Inbound-Neighbors	False	Top
ms-DS-NC-Repl-Outbound-Neighbors	False	Top
ms-DS-NC-RO-Replica-Locations-BL	False	Top
ms-DS-NC-Type	False	Top
ms-DS-Non-Members-BL	False	Top
ms-DS-Object-Reference-BL	False	Top
ms-DS-OIDToGroup-Link-BL	False	Top
ms-DS-Operations-For-Az-Role-BL	False	Top
ms-DS-Operations-For-Az-Task-BL	False	Top
ms-DS-Principal-Name	False	Top
ms-DS-PSO-Applied	False	Top
ms-DS-Repl-Attribute-Meta-Data	False	Top
ms-DS-Repl-Value-Meta-Data	False	Top
ms-DS-Revealed-DSAs	False	Top
ms-DS-Revealed-List-BL	False	Top
ms-DS-Tasks-For-Az-Role-BL	False	Top
ms-DS-Tasks-For-Az-Task-BL	False	Top
ms-DS-TDO-Egress-BL	False	Top
ms-DS-TDO-Ingress-BL	False	Top
ms-DS-Value-Type-Reference-BL	False	Top
ms-Exch-Owner-BL	False	Top
ms-PKI-Certificate-Application-Policy	False	PKI-Certificate-Template
ms-PKI-Certificate-Name-Flag	False	PKI-Certificate-Template
ms-PKI-Certificate-Policy	False	PKI-Certificate-Template
ms-PKI-Cert-Template-OID	False	PKI-Certificate-Template
ms-PKI-Enrollment-Flag	False	PKI-Certificate-Template
ms-PKI-Minimal-Key-Size	False	PKI-Certificate-Template
ms-PKI-Private-Key-Flag	False	PKI-Certificate-Template
ms-PKI-RA-Application-Policies	False	PKI-Certificate-Template
ms-PKI-RA-Policies	False	PKI-Certificate-Template
ms-PKI-RA-Signature	False	PKI-Certificate-Template
ms-PKI-Supersede-Templates	False	PKI-Certificate-Template
ms-PKI-Template-Minor-Revision	False	PKI-Certificate-Template
ms-PKI-Template-Schema-Version	False	PKI-Certificate-Template
msSFU-30-Posix-Member-Of	False	Top
netboot-SCP-BL	False	Top
Non-Security-Member-BL	False	Top
NT-Security-Descriptor	True	Top
Obj-Dist-Name	False	Top
Object-Category	True	Top
Object-Class	True	Top
Object-Guid	False	Top
Object-Version	False	Top
Other-Well-Known-Objects	False	Top
Partial-Attribute-Deletion-List	False	Top
Partial-Attribute-Set	False	Top
PKI-Critical-Extensions	False	PKI-Certificate-Template
PKI-Default-CSPs	False	PKI-Certificate-Template
PKI-Default-Key-Spec	False	PKI-Certificate-Template
PKI-Enrollment-Access	False	PKI-Certificate-Template
PKI-Expiration-Period	False	PKI-Certificate-Template
PKI-Extended-Key-Usage	False	PKI-Certificate-Template
PKI-Key-Usage	False	PKI-Certificate-Template
PKI-Max-Issuing-Depth	False	PKI-Certificate-Template
PKI-Overlap-Period	False	PKI-Certificate-Template
Possible-Inferiors	False	Top
Proxied-Object-Name	False	Top
Proxy-Addresses	False	Top
Query-Policy-BL	False	Top
RDN	False	Top
Repl-Property-Meta-Data	False	Top
Repl-UpToDate-Vector	False	Top
Reports	False	Top
Reps-From	False	Top
Reps-To	False	Top
Revision	False	Top
SD-Rights-Effective	False	Top
Server-Reference-BL	False	Top
Show-In-Advanced-View-Only	False	Top
Site-Object-BL	False	Top
Structural-Object-Class	False	Top
Sub-Refs	False	Top
SubSchemaSubEntry	False	Top
System-Flags	False	Top
USN-Changed	False	Top
USN-Created	False	Top
USN-DSA-Last-Obj-Removed	False	Top
USN-Intersite	False	Top
USN-Last-Obj-Rem	False	Top
USN-Source	False	Top
Wbem-Path	False	Top
Well-Known-Objects	False	Top
When-Changed	False	Top
When-Created	False	Top
WWW-Home-Page	False	Top
WWW-Page-Other	False	Top

Windows Server 2012 Extended Rights

This class contains the following extended rights for Windows Server 2012:

Common Name
Certificate-Enrollment

Share via