For WSTEP enrollment with Certificate Enrollment Gateway, your Windows domain must have the 2016 Active Directory schema or later.
To check the current Active Directory schema version
- Log in to the server hosting Active Directory.
- Open a PowerShell window. Select Start > Windows PowerShell > Windows PowerShell.
Enter the following command:
Get-ADObject (Get-ADRootDSE).schemaNamingContext -properties objectVersion
The version returned by the command must be 87 or greater.