Custom application policy and certificate policy OIDs are not exported

[Crypt32]

In ADCS, PKI administrators may define custom application policies (MSFT analogue of Enhanced Key Usage extension) and certificate policies. When exporting certificate template, it might be reasonable to export custom OIDs (non-standard) as well and register them in target forest if they are absent.

• Application policies are smple OID<=>VALUE mappings.
• Certificate policy OIDs are same OID<=>VALUE mappings, but contain additional policy qualifiers: -- CPS (certificate practices statement) location URL -- Short description (user notice)

Both are optional, but at least one policy qualifier must be specified. ADCS does not allow empty policies.