How can I get an OID for a certificate template?

I'm using C# (or VBScript) to issue a certificate from an Enterprise CA.

According to this answer, I need to specify the OID instead of the certificate name, and place it in an unexpected portion of code. (IMHO I should place it where the null string is)

I'm looking at certificate manager, templates, et.al, and can't locate the OID I should be using. Have any suggestions?

Solution 1:

Certificate Templates are stored in the Configuration partition of Active Directory.

For instance, if your Certificate Template is named "Smartcard," then its DN would be:

CN=Smartcard,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com

The msPKI-Cert-Template-OID attribute of that object contains the OID you seek.

Edit: Here's some Powershell:

PS C:\Users\Ryan> Get-ADObject 'CN=Smartcard,CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com' -Properties msPKI-Cert-Template-OID


DistinguishedName       : CN=Smartcard,CN=Certificate Templates,CN=Public Key
                          Services,CN=Services,CN=Configuration,DC=Contoso,DC=Com
msPKI-Cert-Template-OID : 1.3.6.1.4.1.311.21.8.13882702.11110958.1330334.1890290.2281445.541.2.14
Name                    : Smartcard
ObjectClass             : pKICertificateTemplate
ObjectGUID              : 1cd4698d-56fe-4d4b-8005-f89a76d24ae1

Solution 2:

I had trouble with finding the distinguished name for a certificate template, so I found a different way than the other answers by following these steps:

• Open MMC and add the Certificate Templates snap-in (File > Add/Remove Snap-ins > Certificate Templates - you may need to run as administrator to have this snap-in available)
• Right Click the certificate template you want the OID of
• Open Properties
• Open Extensions tab
• Select Certificate Template Information
• The OID will be visible in the description below after "Object identifier"