Generating User Certificates with a sAMAccountName as the CN
I am configuring 802.1x for a wireless deployment. I am using Microsoft CA Services to do auto-enroll for user certificates. The problem I am having is that the template I cloned (the user template), generates the CN as the "Display Name" (e.g. John Doe) what I would like for it to use is the sAMAccountName (e.g. jdoe). The issue is that if I do `display name`, the user would need to type "John Doe" for the EAP while everything else would be `Jdoe`. Does anyone know of a way to do this? We are using FortiAuthenticator as the RADIUS server.
Side note, I was able to get it working using the FortiAuthenticator as the CA but I cannot use GPO to auto-enroll the users so it makes it more complex.
Are these domain based machines or personal devices that a user brings in?