Apple has a page with some white papers which may be helpful here:
In particular, the best practices for integrating with AD (which references the Kbase you linked to):
And the 802.1X authentication white paper:
Which includes sample profiles for integrating 802.1X with an AD CA.
Here is what I found helpful:
802.1x EAP-TLS Machine Authentication in Mt. Lion with AD Certificates
How to request a certificate from a Microsoft Certificate Authority using DCE/RPC and the Active Directory Certificate profile payload:
I tripped up here becase my CA was named differently than the computer name. If you open a command prompt on the windows CA and type the command certutil –cainfo you should see several peices of information that will make filling out The name of the CA straight forward. You should use the Sanitized CA short name (DS name) for The name of the CA:
and certutil –cainfo will clearly show you that value.
One other thing to pay close attension to is you should use the Template name and not the Template display name for the Certificate Template field. These can be different (see below).