Log in to a Certificate Authority(CA) on your domain.
On the server, launch the Start menu and search for the Certificate Authority snap-in.
Once in the Certificate Authority snap-in, click Issuing CA. The name of the Issuing CA as it appears here in the snap-in will be needed when adding AD CS servers to the Kandji integration.
Right-click the Certificate Templates folder and click Manage.
In the Certificate Templates window, find the Computer template and right-click it. Then, click Duplicate Template.
In the Properties window, click the General tab.
Set the display name and template name to something like KandjiDevice. The template name will be needed when creating Library Items that contain AD CS certificate settings.
Next, click the Compatibility tab.
For Certificate Authority, select Windows Server 2016. In the change dialog, click OK.
For Certificate Recipients, select Windows 10 / Windows Server 2016. In the change dialog, click OK.
Click the Subject Name tab.
Select the option to Supply in the request and click OK in the warning dialog.
Now, click the Security tab.
Under Groups or user names, click Add.
In the Select Users, Computers, Service Accounts, or Groups window, click Object Types.
In the Object Types window, select Computers.
In the object names search field, enter the name of the Windows server that will be used to host the AD CS Connector. In the screenshot below, lab000001 is the computer name being used
While still on the Security tab, select the computer object that was just added. Then, in the Permissions section, under Allow, make sure that Read and Enroll are selected.
Click Apply and then OK.
Go back to the main Certificate Authority snap-in, right-click Certificate Templates again, and select New > Certificate Template to issue.
Select the template you created (in our example, KandjiDevice).
Confirm that the template is shown in the list.