To map a certificate to a user account in Active Directory
- Log on to the system as an Administrator.
- Open Active Directory Users and Computers.
- Click on Active Directory Users and Computers. On the View menu, click Advanced Features to put a check mark next to it (if it is not already checked).
- Double-click the domain name in the console tree.
- Do one of the following:
- Click Users.
- Click the container where the user account is located
- Active Directory Users and Computers
- domain
- user container
- In the details pane, click the user account to which you want to map a certificate.
- On the Action menu, click Name Mappings. On the X.509 Certificates tab in the Security Identity Mapping window click Add.
- Type the name and path of the .cer file that contains the certificate you want to map to this user account, then click Open.
- Do one of the following:
To |
Do this |
Map the certificate to one account (one-to-one mapping) |
Confirm that both the Use Issuer for alternate security identity and the Use Subject of alternate security identity check boxes are selected. |
Map any certificate that has the same subject to the user account, regardless of the issuer of the certificate (many-to-one mapping) |
Clear the Use Issuer for alternate security identity check box and confirm that the Use Subject of alternate security identity check box is selected. |
Map any certificate to that has the same issuer to the user account, regardless of the subject of the certificate (many-to-one mapping) |
Clear the Use Subject of alternate security identity check box and confirm that the Use Issuer for alternate security identity check box is selected. |
Notes
- To open Active Directory Users and Computers, click Start, point to Programs, point to Administrative Tools, and then click Active Directories Users and Computers.
- The certificate you are mapping to a user account must be in DER or Base64 encoded binary format. See Related Topics for instructions on exporting an existing certificate to a .cer file.
- If Name Mappings does not appear on the Action menu, it is because you don't have Advanced Features checked in the View menu.