You have an enterprise certification authority (CA) named CA1. You have a certificate template named UserAutoEnroll that is based on the User certificate template. Domain users are configured to autoenroll for UserAutoEnroll. A user named User1 has an email address defined in Active Directory. A user named User2 does not have an email address defined in Active Directory. You discover that User1 was issued a certificate based on UserAutoEnroll template automatically. A request by user2 for a certificate based on the UserAutoEnroll template fails. You need to ensure that all users can autoenroll for certificated based on the UserAutoEnroll template.
Which setting should you configure from the properties on the UserAutoEnroll certificate template?
A . Issuance Requirements
B . Request Handling
C . Cryptography
D . Subject Name
Answer: D
Explanation:
Template properties – Subject Name tab E-mail name. If the E-mail name field is populated in the Active Directory user object, that e-mail name will be used for user accounts. The e-mail name is required for user certificates. If the e-mail name is not populated for a userin AD DS, the certificate request by that user will fail.
References:
https://technet.microsoft.com/en-us/library/Cc725621(v=WS.10).aspx