Share via

Two Identical "Computer" Templates; cannot identify which one is legacy

Val3y 20 Reputation points
2026-01-06T15:26:46.9633333+00:00

I'm attempting to delete a legacy "Computer" template that only has a 1024 public key. Inside certsrv.msc >> Certificate Templates this is what I see

User's image

When I right-click >> Properties I get this page which is the exact same on both "Computer Templates.

User's image

If I right-click Certificate Templates >> Manage and view the Computer templates here I'm able to identify which one is the legacy one

User's image but I cant delete it.

User's image

I am able to delete the newer version if I wanted to BUT I want to delete the old one.
User's image

I'm able to identify which one is which but cant use that information when I go back to certsrv because there are not identifiers on the template. Any help would be apricated.

Windows for business | Windows Server | Directory services | Certificates and public key infrastructure (PKI)
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Chen Tran 8,065 Reputation points Independent Advisor
    2026-01-06T16:24:41.4833333+00:00

    Hello Val3y,

    Thank you for posting question on Microsoft Windows Forum.

    Based on the issue description. There might be a confusion here is that Certificate Templates in certsrv.msc are not the templates themselves, but instances of templates that have been published to the CA. The “Manage” view shows the full list of templates in AD, but the CA console only shows which ones are enabled for issuance. That might be the explanation of why you can not see identifiers or delete the legacy one directly from the CA console.

    The CA console only shows the Display Name (“Computer”), which is why both look identical. The Template Name (visible in certtmpl.msc) is the unique identifier. If you can delete the newer one but not the old one, it is probably of because the legacy template is a default system template. It can not be deleted from the CA console. It can only be unpublished. To truly remove it, you must delete it from AD via certtmpl.msc with Enterprise Admin rights.

    It is advisable of that in case you do not want to delete the legacy template, you can simply unpublish it from the CA. That way, it will not be issued anymore, but it remains in AD for reference.

    Hope the above information is helpful! If it is. Free feel to hit "Accepted" for benefitting others in community having the same issue too.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.