We don't run the same setup, but they are almost certainly using EAP-TLS if they are using certs in a Microsoft authentication environment (which is what it sounds like here).

So here are the settings I suggest you try when creating a new connection:

Connection type: WLAN
Security method: WPA with EAP
EAP type: TLS
Select certificate: your personal certificate
Advanced / Other: you may or may not need to check WPA2-only mode... try both.
Advanced / EAP: you may or may not need to use Manual user name... try both.
Manual user name: your domain ID, WITHOUT specifying the domain.
Don't require client authentication.

This is my best guess... as I said we don't have quite the same environment but maybe someone else here does and can tell you what they use.