New-ADCSTemplate creates something weird

[jakko10]

Hi,

Here is my issue: I create a template, then: Export-ADCSTemplate -DisplayName "Web Server Template" > .\webservertemplate.json

After that, I delete the template from the server and run: New-ADCSTemplate -DisplayName 'Web Server Template' -JSON (Get-Content .\webservertemplate.json -Raw) -Identity "Contoso\DC$"

Then I issue the certificate. All good so far. But when I now request this certificate and try to enroll it I get:

Active Directory Certificate Services denied request 11 because The requested certificate template is not supported by this CA. 0x80094800 (-2146875392 CERTSRV_E_UNSUPPORTED_CERT_TYPE). The request was for CONTOSO\DC$. Additional information: Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: 1.3.6.1.4.1.311.21.8.9859221.16429217.5656198.9359005.7585435.138.94555984.49861486.

Certificate enrollment for Local system failed to enroll for a WebServerTemplate certificate with request ID 11 from dc.Contoso.Azure\Contoso Certificate Authority (The requested certificate template is not supported by this CA. 0x80094800 (-2146875392 CERTSRV_E_UNSUPPORTED_CERT_TYPE)).

I guess something goes broken during this export/import