When requesting a new AD CA certifiate via web enrolment, if it's ignoring the SAN attribute in the Attributes field, run this command on the CA:
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
Then restart the CA service:
net stop certsvc
net start certsvc
Credit to Terence Luk.
An example of the value to use in the Attributes field to have SANs "MYSERVER" and "MYSERVER.mydomain.com" is:
san:dns=MYSERVER&dns=MYSERVER.mydomain.com