Updated requirements for a Windows Server 2008 R2 domain controller certificate from a 3rd party CA

Ingolfur has written a blog post as well as a TechNet Wiki article describing how a Windows Server 2008 R2 certification authority (CA) parses certificates, especially those from a third-party (3rd party) non-Microsoft CA. He also covers the Key Distribution Center (KDC) enhanced key usage (EKU) object identifiers (OIDs) and in the blog post KDC event ID 29.

TechNet Wiki article: Updated requirements for a Windows Server 2008 R2 domain controller certificate from a 3rd party CA 

https://social.technet.microsoft.com/wiki/contents/articles/updated-requirements-for-a-windows-server-2008-r2-domain-controller-certificate-from-a-3rd-party-ca.aspx

Blog post: Smartcard logon using certificates from a 3rd party on a Domain Controller and KDC Event ID 29