Historical Content Alert

This is historical content for the Windows 2000 product and is presented for informative purposes only. All content on this page is copyrighted and owned by Microsoft.

To map a certificate to a user account in Active Directory

  1. Log on to the system as an Administrator.
  2. Open Active Directory Users and Computers.
  3. Click on Active Directory Users and Computers. On the View menu, click Advanced Features to put a check mark next to it (if it is not already checked).
  4. Double-click the domain name in the console tree.
  5. Do one of the following:
    • Click Users.
    • Click the container where the user account is located.

      Active Directory Users and Computers > domain > user container
  6. In the details pane, click the user account to which you want to map a certificate.
  7. On the Action menu, click Name Mappings. On the X.509 Certificates tab in the Security Identity Mapping window, click Add.
  8. Type the name and path of the .cer file that contains the certificate you want to map to this user account, then click Open.
  9. Do one of the following:
    • To map the certificate to one account (one-to-one mapping), confirm that both the Use Issuer for alternate security identity and the Use Subject of alternate security identity check boxes are selected.
    • To map any certificate that has the same subject to the user account, regardless of the issuer of the certificate (many-to-one mapping), clear the Use Issuer for alternate security identity check box and confirm that the Use Subject of alternate security identity check box is selected.
    • To map any certificate that has the same issuer to the user account, regardless of the subject of the certificate (many-to-one mapping), clear the Use Subject of alternate security identity check box and confirm that the Use Issuer for alternate security identity check box is selected.

Notes

  • To open Active Directory Users and Computers, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  • The certificate you are mapping to a user account must be in DER or Base64 encoded binary format. See Related Topics for instructions on exporting an existing certificate to a .cer file.
  • If Name Mappings does not appear on the Action menu, it is because you don't have Advanced Features checked in the View menu.
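
The three choices in step 9 differ in which certificate names the stored mapping keeps, and a many-to-one mapping lets every certificate with the matching name authenticate as the account. The Python sketch below is an added example, not part of the original Microsoft page: it classifies mapping strings so that accounts with many-to-one mappings can be listed for review. It assumes the mappings are stored in the user's altSecurityIdentities attribute in the form `X509:<I>issuer<S>subject`; the function names are hypothetical and the account names and distinguished names are constructed sample data.

```python
import re

_TAG = re.compile(r"<([A-Za-z0-9-]+)>")  # field markers such as <I> and <S>

def parse_mapping(value):
    """Return {'I': issuer, 'S': subject} for an X509 mapping string, else None."""
    prefix, sep, rest = value.partition(":")
    if not sep or prefix.strip().upper() != "X509":
        return None                       # not a certificate mapping
    parts = _TAG.split(rest)              # ['', 'I', issuer, 'S', subject]
    if parts[0].strip():
        return None                       # text before the first marker: malformed
    return {tag.upper(): text.strip() for tag, text in zip(parts[1::2], parts[2::2])}

def classify(value):
    """Name the step 9 choice that would produce this mapping string."""
    fields = parse_mapping(value)
    if fields is None:
        return "not-x509"
    has_issuer, has_subject = bool(fields.get("I")), bool(fields.get("S"))
    if has_issuer and has_subject:
        return "one-to-one"
    if has_subject:
        return "many-to-one (same subject, any issuer)"
    if has_issuer:
        return "many-to-one (same issuer, any subject)"
    return "unrecognized"

def audit(accounts):
    """Return sorted (account, kind, value) tuples for every mapping that is not one-to-one."""
    findings = []
    for account, values in accounts.items():
        for value in values:
            kind = classify(value)
            if kind != "one-to-one":
                findings.append((account, kind, value))
    return sorted(findings)

# Constructed sample data: account name -> mapping strings (not from a real directory).
SAMPLE = {
    "alice": ["X509:<I>DC=com,DC=example,CN=Example CA<S>DC=com,DC=example,CN=Users,CN=alice"],
    "partners": ["X509:<I>DC=com,DC=example,CN=Partner CA"],
    "kiosk": ["X509:<S>CN=kiosk-01", "X509:"],
}

if __name__ == "__main__":
    for account, kind, value in audit(SAMPLE):
        print(f"{account}: {kind}: {value}")
```

In a review, each many-to-one finding should be traceable to a deliberate decision, since an issuer-only mapping extends the account to every certificate that the named CA issues.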
