# DC Template

## AppConfig:ActiveDirectory:DC:Enabled

*Linux: AppConfig\_\_ActiveDirectory\_\_DC\_\_Enabled*

**Value:** *true* or *false* (default)

**Description:** This setting enabled the certificate template `KerberosAuthentication`  targeted at Domain Controllers.

## AppConfig:ActiveDirectory:<code class="expression">page.vars.cert\_template</code>:TemplateName

*Linux: AppConfig\_\_ActiveDirectory\_\_*<code class="expression">page.vars.cert\_template</code>*\_\_TemplateName*

**Value:** Certificate template name

**Description:** This setting you to choose a custom template name for this certificate template. It is displayed when you manually enroll a certificate of that template. For maximum compatibility, choose a name witho only alphanumeric characters and no blanks.

## AppConfig:ActiveDirectory:<code class="expression">page.vars.cert\_template</code>:GroupFilter

*Linux: AppConfig\_\_ActiveDirectory\_\_*<code class="expression">page.vars.cert\_template</code>*\_\_GroupFilter*

**Value:** Comma-separated list of AD groups specified by their SID

**Description:** This setting allows to limit which Active Directory group members are allowed to enroll certificates for this certificate template. If configured, it overrides the general setting [AppConfig:ActiveDirectory:GroupFilter](#appconfig-activedirectory-groupfilter).

## AppConfig:ActiveDirectory:<code class="expression">page.vars.cert\_template</code>:Ksps

*Linux: AppConfig\_\_ActiveDirectory\_\_*<code class="expression">page.vars.cert\_template</code>*\_\_Ksps*

**Value:** Semicolon-separated list of CSPs/KSPs allowed for key generation

**Description:** You can define the key storage providers in which the certificates private key might be created in. If no value is specified, all KSPs are allowed to be used, and the client decides which KSP suites best. Valid values include:

* **Microsoft Platform Crypto Provider** - Stores the private key in the device's TPM.
* **Microsoft Passport Key Storage Provider**
* **Microsoft Software Key Storage Provider** - Stores the private key on the hard drive, secured with the machine key.
* **Microsoft Smart Card Key Storage Provider** - Stores the private key on a smart card.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.scepman.com/scepman-configuration/application-settings/active-directory/dc-template.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.