I have set up autoenrollment for S/MIME from my internal PKI (two-tier, published to AD). I used these templates with the option "Publish to AD":
Signing = Exchange Signature Only
Encryption = Exchange User
My Subject Name is FQDN and email for both. The subject alternative name is also the email.
I successfully deployed certificates based on the created templates and I see them in Outlook. They are also published to AD and I can look them up in "AD Users & Computers" and ADSI Edit (it's the same number of certificates in the attribute userCertificate).
My understanding is that I could now send an encrypted message to my test user and Outlook would find the public key in my AD, so I don't have to publish them to the GAL.
But when I try to send a signed and encrypted message, Outlook says it cannot encrypt the message, only sign it. When I look up the certificate for the signed message it says valid and trusted. Is there a way to troubleshoot this? I can't see what I'm missing.
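One way to inspect what Outlook will actually find in the recipient's userCertificate attribute, added here as a diagnostic example and not part of the original post: the script reads every certificate published for a user and reports, for each one, the key usage, the enhanced key usages, the e-mail address in the certificate, the validity period and whether it chains to a trusted root on the host running the script. For encryption, Outlook needs a certificate that carries the Key Encipherment key usage and the Secure Email EKU (1.3.6.1.5.5.7.3.4) and whose e-mail address matches the recipient's SMTP address; a signing-only certificate (Digital Signature, Non-Repudiation) will only ever let you sign. The script assumes the RSAT ActiveDirectory module on a domain-joined Windows host; the parameter name and the sample user name are placeholders.

```powershell
# Added diagnostic example, not part of the original post.
# Assumes: RSAT ActiveDirectory module, domain-joined host, rights to read the user object.
# Usage: .\Check-SmimeCerts.ps1 -User testuser
param(
    [Parameter(Mandatory)][string]$User
)

Import-Module ActiveDirectory

# Short aliases for the .NET X.509 types used below
$X509Cert2   = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
$KuExt       = 'System.Security.Cryptography.X509Certificates.X509KeyUsageExtension'
$EkuExt      = 'System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension'
$KuFlags     = 'System.Security.Cryptography.X509Certificates.X509KeyUsageFlags'
$NameType    = 'System.Security.Cryptography.X509Certificates.X509NameType'

$secureEmailOid = '1.3.6.1.5.5.7.3.4'   # id-kp-emailProtection ("Secure Email")

$u = Get-ADUser -Identity $User -Properties mail, userCertificate
$smtp = $u.mail
Write-Host "User: $($u.SamAccountName)  mail: $smtp  certificates in userCertificate: $($u.userCertificate.Count)"

$encryptionCapable = 0

foreach ($der in $u.userCertificate) {
    # userCertificate holds DER-encoded certificates, one byte[] per value
    $cert = New-Object -TypeName $X509Cert2 -ArgumentList (,[byte[]]$der)

    $ku  = $cert.Extensions | Where-Object { $_ -is ($KuExt -as [type]) }
    $eku = $cert.Extensions | Where-Object { $_ -is ($EkuExt -as [type]) }
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName

    $ekuOids  = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # E-mail address as Outlook would match it: SAN rfc822Name first, then subject E=
    $certMail = $cert.GetNameInfo(([type]$NameType)::EmailName, $false)

    $hasKeyEncipherment = $ku -and $ku.KeyUsages.HasFlag(([type]$KuFlags)::KeyEncipherment)
    $hasSecureEmailEku  = $ekuOids -contains $secureEmailOid
    $mailMatches        = $certMail -and $smtp -and ($certMail -ieq $smtp)
    $timeValid          = ($cert.NotBefore -le (Get-Date)) -and ($cert.NotAfter -gt (Get-Date))
    $chainTrusted       = $cert.Verify()   # trust store and revocation settings of THIS host

    $canEncrypt = $hasKeyEncipherment -and $hasSecureEmailEku -and $mailMatches -and $timeValid -and $chainTrusted
    if ($canEncrypt) { $encryptionCapable++ }

    [pscustomobject]@{
        Subject            = $cert.Subject
        Thumbprint         = $cert.Thumbprint
        NotAfter           = $cert.NotAfter
        KeyUsage           = if ($ku) { $ku.KeyUsages.ToString() } else { '(none)' }
        EnhancedKeyUsage   = if ($ekuOids) { $ekuOids -join ', ' } else { '(none)' }
        SubjectAltName     = if ($san) { $san.Format($false) } else { '(none)' }
        CertEmail          = $certMail
        EmailMatchesAdMail = $mailMatches
        TimeValid          = $timeValid
        ChainTrustedHere   = $chainTrusted
        UsableForEncrypt   = $canEncrypt
    } | Format-List
}

if ($encryptionCapable -eq 0) {
    Write-Warning "No published certificate for $User satisfies all encryption requirements (KeyEncipherment + Secure Email EKU + matching e-mail + valid + trusted)."
} else {
    Write-Host "$encryptionCapable certificate(s) usable for S/MIME encryption."
}
```

Run it on the sending workstation (the one where Outlook reports that it can only sign), because `Verify()` uses that machine's trust store and revocation settings; a certificate that chains fine on the CA but fails there is a different problem from a certificate whose e-mail address or key usage does not fit. If every entry shows `UsableForEncrypt : False`, the column that is `False` tells you which of the requirements the published encryption certificate is missing.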