Map a certificate to a user account

To map a certificate to a user account

Open Active Directory Users and Computers.
On the View menu, select Advanced Features.
In the console tree, click Users.
Where?
- Active Directory Users and Computers
- domain node
- Users
Or, click the folder that contains the user account.
In the details pane, click the user account to which you want to map a certificate.
On the Action menu, click Name Mappings.
In the Security Identity Mapping dialog box, on the X.509 Certificates tab, click Add.
Type the name and path of the .cer file that contains the certificate you want to map to this user account, and then click Open.

Do one of the following:

To	Do this
Map the certificate to one account (one-to-one mapping)	Confirm that both the Use Issuer for alternate security identity and the Use Subject for alternate security identity check boxes are selected.
Map any certificate that has the same subject to the user account, regardless of the issuer of the certificate (many-to-one mapping)	Clear the Use Issuer for alternate security identity check box, and confirm that the Use Subject for alternate security identity check box is selected.
Map any certificate that has the same issuer to the user account, regardless of the subject of the certificate (many-to-one mapping)	Clear the Use Subject for alternate security identity check box, and confirm that the Use Issuer for alternate security identity check box is selected.

Notes

XOX
XOX
The certificate you are mapping to a user account must be in Distinguished Encoding Rules (DER) or Base64 encoded binary format. For instructions on exporting an existing certificate to a .cer file, see Related Topics.