Use this payload to set authentication information for Active Directory Certificate servers. Active Directory Certificate servers bind a user identity or device to a private key that is stored in a directory server. This payload lets the device or user use the stored key for service encryption and authentication.
Note: Use the Active Directory certificate payload for OS X device, user, and user group configuration profiles. For more information, see About profiles and payloads and Payload best practices.
The following entries are required:
The description of the certificate request
The fully qualified domain name or IP address of the certificate server
The name of the Certificate Authority (the common name or CN attribute value of the directory entry at “CN=<your CA>,CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,<your base DN>”)
The following entries are optional:
The certificate template type
The user name and password credentials (optional for users and groups, unnecessary for devices and device groups)
To bind OS X to Active Directory, see Directory settings.
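The check below is an added example, not part of the original page or of Apple's tooling: it audits an exported configuration profile for Active Directory certificate payloads that lack a required entry, give a full DN where the CA's CN value is expected, or carry a stored password. The payload type and key names (com.apple.ADCertificate.managed, Description, CertServer, CertificateAuthority, CertTemplate, UserName, Password) are assumptions that do not appear on this page, and the sample profile is constructed.

```python
import plistlib

# Assumed payload type and key names (not given on this page).
AD_CERT_TYPE = "com.apple.ADCertificate.managed"
REQUIRED = ("Description", "CertServer", "CertificateAuthority")


def audit_profile(profile_bytes):
    """Return (payload_index, finding) pairs for AD certificate payloads."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for i, payload in enumerate(profile.get("PayloadContent", [])):
        if payload.get("PayloadType") != AD_CERT_TYPE:
            continue  # other payload types are out of scope here
        for key in REQUIRED:
            value = payload.get(key)
            if not isinstance(value, str) or not value.strip():
                findings.append((i, f"missing required entry: {key}"))
        ca = payload.get("CertificateAuthority")
        if isinstance(ca, str) and "=" in ca:
            # The entry is the CN attribute value, not the whole directory DN.
            findings.append((i, "CertificateAuthority looks like a DN, expected the CN value"))
        if payload.get("Password"):
            findings.append((i, "password stored in profile, clear text unless the profile is encrypted"))
            if not payload.get("UserName"):
                findings.append((i, "Password set without UserName"))
    return findings


# Constructed sample profile: payload 0 is complete, payload 1 has problems.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": AD_CERT_TYPE, "Description": "Machine certificate",
         "CertServer": "ca01.corp.example.com",
         "CertificateAuthority": "Example Issuing CA", "CertTemplate": "Machine"},
        {"PayloadType": AD_CERT_TYPE, "CertServer": "ca01.corp.example.com",
         "CertificateAuthority": "CN=Example Issuing CA,CN=Certification Authorities",
         "UserName": "svc-enroll", "Password": "constructed-placeholder"},
    ],
})

if __name__ == "__main__":
    for idx, msg in audit_profile(SAMPLE):
        print(f"payload {idx}: {msg}")
```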