Hi all, I've installed a PKI in my AD2008 R2 in the forest A. I would like to create smartcard certificate for a forest B without trust relashionship and no pki. On my forest A I've created a smartcard logon certificate but the default smartcard logon certificate generate a certificate for the connected user. The template don't give the possibility to type the UPN of an user in the forest B. What should I modify in the template to add a manual field? Thanks in advance

On Fri, 24 Jun 2011 08:03:40 +0000, PY LB wrote: Hi all, I've installed a PKI in my AD2008 R2 in the forest A. I would like to create smartcard certificate for a forest B without trust relashionship and no pki. On my forest A I've created a smartcard logon certificate but the default smartcard logon certificate generate a certificate for the connected user. The template don't give the possibility to type the UPN of an user in the forest B. What should I modify in the template to add a manual field? Thanks in advance What you're trying to do is not as simple as you're trying to make it. This white paper will explain what is required: http://www.microsoft.com/downloads/en/details.aspx?familyid=D408BE72-7C74-4B19-A2DE-FA11858C30B2&displaylang=en Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca One picture is worth 128K words.

Thanks for your answer, But this white template doesn't inform how to modify a smartcard logon template to add the name from another forest. I know that I should generate a certificate with a DC template for each of my DC servers in the second forest.

This is a confusing thread. Your thread is labeled smart card logon certificates, but you persist in discussing DC templates What are you after? Can you please provide a multi-part question with what details you need Brian