Replicating certificate templates and policies

Use Active Directory's replication mechanism to make certificate templates and policies available to multiple domain controllers in your domain. Every domain controller in the forest automatically receives a copy of any update to the configuration container.

Certificates are also stored in Active Directory and are replicated to each domain controller in the forest. Replicating data across Active Directory instances can take up to eight hours. Replication for all computers occurs earlier if the domain controller computer is rebooted. The policy information of a particular machine is refreshed whenever that computer is rebooted.

You can use the gpupdate command to force a client to refresh its policy information:

gpupdate /force

Whenever your certificate templates are modified, you must repeat this replication step for the changes to take effect.

Automatic replication needs more time, especially if you are in a sub-domain.
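
To confirm that a modified template has reached every domain controller before relying on it, you can compare the template's version on each one. The following script is an added example, not part of the original documentation. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that you can read the configuration partition; the function name Get-TemplateReplicationState and the template name 'WebServer' are placeholders.

```powershell
Import-Module ActiveDirectory

function Get-TemplateReplicationState {
    param([Parameter(Mandatory)] [string] $TemplateName)

    # Certificate templates live in the forest-wide configuration partition.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=$TemplateName,CN=Certificate Templates," +
          "CN=Public Key Services,CN=Services,$configNC"

    # Enumerate the domain controllers of every domain in the forest,
    # including sub-domains, where replication tends to arrive later.
    $dcs = (Get-ADForest).Domains | ForEach-Object {
        Get-ADDomainController -Filter * -Server $_
    }

    foreach ($dc in $dcs) {
        try {
            # 'revision' is the template's major version and
            # 'msPKI-Template-Minor-Revision' its minor version.
            $t = Get-ADObject -Identity $dn -Server $dc.HostName `
                -Properties revision, 'msPKI-Template-Minor-Revision' `
                -ErrorAction Stop
            $version = '{0}.{1}' -f $t.revision, $t.'msPKI-Template-Minor-Revision'
            $status  = 'Found'
        } catch {
            # Template not yet replicated to this DC, or the DC is unreachable.
            $version = $null
            $status  = "Missing or unreachable: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Domain           = $dc.Domain
            DomainController = $dc.HostName
            Version          = $version
            Status           = $status
        }
    }
}

# 'WebServer' is a placeholder; use the CN of the template you changed.
$state = @(Get-TemplateReplicationState -TemplateName 'WebServer')
$state | Sort-Object Domain, DomainController | Format-Table -AutoSize

$versions = @($state | Where-Object Status -eq 'Found' |
              Select-Object -ExpandProperty Version -Unique)
$pending  = @($state | Where-Object Status -ne 'Found')
if ($versions.Count -gt 1 -or $pending.Count -gt 0) {
    Write-Warning 'Template has not converged on all domain controllers yet.'
}
```

Once every domain controller reports the same version, run gpupdate /force on the clients that need the updated policy.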