We are running into an issue with our local AD CS implementation.
We are currently trying to provide certificates for our VMware vCenter setup and this requires multiple certificates all issued to the same server but for different services on the server.
VMware uses the OrganizationalUnitName property in the Subject attribute to distinguish between the different services.
The issue arises when the certificate has been issued: even though the request to the AD CS server includes the OrganizationalUnitName, it doesn't appear on the certificate. It does, however, appear in the Issued Organizational Unit column if we look at the Issued Certificates list in the AD CS service.
So it would appear that AD CS is receiving the request correctly but not adding it to the certificate.
The certificate template used is based on the standard Web Server template, with a few changes: the Key Usage has been updated with the following two options: Signature is proof of origin (nonrepudiation) and Allow encryption of user data. The Application Policies has been updated to include Client Authentication. The subject name is set to be supplied in the request.
Our AD CS setup is self-signed for internal purposes and running on Windows Server 2008 R2, which has been updated fully with Windows Update, and the CA version is 6.1. The setup consists of a root CA, which is offline for security purposes, and an intermediate CA, which handles the requests.
Any help will be greatly appreciated.