Duplicate Certificate Templates Appear in Active Directory

This article was previously published under Q264589
This article has been archived. It is offered "as is" and will no longer be updated.
Duplicate certificate templates may appear in Active Directory when you attempt to create or modify an Automatic Certificate Request, Public-Key Policy.
This behavior occurs when an additional Enterprise Certificate Authority (CA) is installed in Active Directory before the certificate template objects are completely replicated throughout the enterprise. When this happens, a replication collision occurs.
To resolve this issue, use the following steps:
  1. Click Start, click Run, type dssite.msc, and then press ENTER.
  2. Click View from the list, and then click Show Services Node.
  3. Expand the Services node.
  4. Expand Public Key Services.
  5. Click Certificate Templates.
  6. The right side of the screen is populated with certificate templates.Select all objects that have a Globally Unique Identifier (GUID) at the end of the object name, as shown in the following example:
  7. Press DELETE.
  8. Allow intra-site and inter-site replication to finish before you add any additional Enterprise CAs.
For additional information about replication collision, click the article number below to view the article in the Microsoft Knowledge Base:
218614 Replication Collisions in Windows 2000

Article ID: 264589 - Last Review: 10/20/2013 21:28:57 - Revision: 2.2

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • kbnosurvey kbarchive kbactivedirectoryrepl kbcertservices kbenv kbgpo kbppkey kbprb kbschema KB264589