MSPKI: what is the purpose of a certificate in a user account in AD?
Please tell me, what is the purpose of a certificate in a user account in AD? The certificate is issued by the domain CA (Certification Authority) with the Smartcard Logon template. Will Smartcard Logon on a PC, or VPN access through a VPN server, function correctly with this user certificate if the certificate is not present in the AD user account (has not been added or has been removed)? The certificate was issued correctly by the CA and has not been revoked. The certificate is only absent from the AD account.
July 9th, 2010 11:05am

Smart card logon certificates in user account properties can be used for certificate mapping purposes in VPN/IIS/etc. Read more: http://technet.microsoft.com/en-us/library/bb742438.aspx
http://en-us.sysadmins.lv
July 9th, 2010 11:22am

Thanks. Is a certificate in the user account required for Smartcard Logon to a workstation to work properly?
July 9th, 2010 2:35pm

On Fri, 9 Jul 2010 11:35:48 +0000, A-mag wrote:
> Is a certificate in the user account required for Smartcard Logon to a workstation to work properly?

By default, no.

Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
July 9th, 2010 2:46pm

Actually, this is not required for interactive logon using smart cards. However, it may be required for other scenarios. In other words, you should always publish the smart card certificate to the user account properties.
http://en-us.sysadmins.lv
July 9th, 2010 2:48pm

Thank you! Is there any book or article to read about it? What other scenarios may require certificates in the AD account? The purposes of the "Smartcard User" certificate are: Smart Card Logon, Client Authentication, Secure Email. There are no questions about Smart Card Logon (it works), but what about Client Authentication and Secure Email: do these work without the certificate in the AD account?
July 9th, 2010 6:36pm

Hi,

Publishing a certificate in Active Directory enables all users or computers with adequate permissions to retrieve the certificate as needed. It may also affect the autoenrollment process. If a certificate template is marked to check Active Directory for an existing certificate, Active Directory will be queried for an existing duplicate certificate on the userCertificate attribute of the user object and the requirement will be removed from the list, if successful.

This posting is provided "AS IS" with no warranties, and confers no rights.
July 13th, 2010 9:15am
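
The `userCertificate` attribute discussed in this thread can be inspected directly to see which certificates are actually published on an account. The PowerShell below is an added example, not part of any post above; it assumes a domain-joined Windows machine with PowerShell 5 or later, and `jdoe` is a placeholder account name.

```powershell
# Added example: list the certificates published in a user's userCertificate
# attribute. Assumes a domain-joined machine; 'jdoe' below is a placeholder.
function Get-PublishedUserCertificate {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9._\-]+$')]   # keeps LDAP filter metacharacters out
        [string]$SamAccountName
    )

    $searcher = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$SamAccountName))"
    [void]$searcher.PropertiesToLoad.Add('usercertificate')
    $user = $searcher.FindOne()
    if (-not $user) { throw "User '$SamAccountName' not found." }

    $now = Get-Date
    foreach ($der in $user.Properties['usercertificate']) {
        # Each attribute value is one DER-encoded X.509 certificate.
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
        $eku  = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }

        # A certificate without an EKU extension gets an empty EKU column.
        $usages = if ($eku) {
            ($eku.EnhancedKeyUsages | ForEach-Object { "$($_.FriendlyName) ($($_.Value))" }) -join '; '
        } else { '' }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Expired    = $cert.NotAfter -lt $now
            EKU        = $usages
        }
    }
}

Get-PublishedUserCertificate -SamAccountName 'jdoe' | Format-List
```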

This topic is archived. No further replies will be accepted.
