Tags: amazon-web-services, active-directory, ldap, certificate

Add 'Subject' to Cert for AD


I need to add the 'Subject' field to certs for AD. However, the default setup for AD doesn't include this in the templates (Kerberos Authentication and Domain Controller Authentication). So, when AD comes up, and then you set up a CA on a server and AD starts using the CA, it grabs those default templates and doesn't have a Subject (it does have a SAN, however, but the app I need this to work with doesn't take the SAN).

Currently using AWS AD, and the CA is on a different box from the actual DCs. AWS actually limits me from accessing the DCs directly.

I was looking at openssl to just generate a new CSR from the current cert and see if I could add the subject value in there, but I don't have the private key for the cert, so I appear to be stuck.


Solution

Answer: Create (or copy) a template with everything you need.

  • Certificate Authority MMC > Templates > Right-click > Manage. Then, in the new template, set 'Superseded Templates' to add the old template(s). OK/Apply.

  • Back at the CA MMC: Right-click Templates again > New > Certificate Template to Issue, and choose your new template.

Also, in the 'templates' pop-up window, not sure if it's relevant to "Reenroll All Certificate Holders"? I did the reenroll bit. But the two DCs ended up grabbing the certs on their own; I didn't have to make a cert request for them (I did on one for one of the two templates, but the other server grabbed everything on its own).
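A way to verify the result of the superseding template without touching the DCs directly, as an added example that is not part of the original question or answer: the script below inspects a certificate (an exported .cer file, or anything in the local machine store) and reports whether the Subject is populated, which SAN entries it carries, and which template issued it. The file path is a placeholder, and the function name `Get-CertSubjectReport` is this example's own.

```powershell
# Added example (not from the original Q&A). Reports Subject, SAN and issuing
# template for a certificate so you can confirm the new template took effect.
# Assumes an exported .cer file (placeholder path below) or the local store.

function Get-CertSubjectReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Subject Alternative Name extension (OID 2.5.29.17); Format($false)
        # renders it as "DNS Name=host1, DNS Name=host2, ..."
        $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

        # Certificate Template Information (v2+ templates, OID 1.3.6.1.4.1.311.21.7)
        # or Certificate Template Name (v1 templates, OID 1.3.6.1.4.1.311.20.2)
        $tmpl = $Certificate.Extensions | Where-Object {
            $_.Oid.Value -in '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2'
        } | Select-Object -First 1

        [pscustomobject]@{
            Thumbprint = $Certificate.Thumbprint
            HasSubject = -not [string]::IsNullOrWhiteSpace($Certificate.Subject)
            Subject    = $Certificate.Subject
            SAN        = if ($san)  { $san.Format($false) }  else { '' }
            Template   = if ($tmpl) { $tmpl.Format($false) } else { '' }
            Issuer     = $Certificate.Issuer
            NotAfter   = $Certificate.NotAfter
        }
    }
}

# 1) A certificate exported from the CA's Issued Certificates view (placeholder path)
$path = 'C:\temp\dc-cert.cer'
if (Test-Path $path) {
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path |
        Get-CertSubjectReport | Format-List
}

# 2) Every certificate in the local machine store that still has an empty Subject,
#    with the template that issued it, so leftovers from the old template stand out
Get-ChildItem Cert:\LocalMachine\My |
    Get-CertSubjectReport |
    Where-Object { -not $_.HasSubject } |
    Format-Table Thumbprint, Template, SAN -AutoSize
```

A certificate issued from the new template should show HasSubject = True and a Template value naming that template; an empty Subject with the old template name means the holder has not re-enrolled yet.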