Map a Certificate to a User Account

To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

On the View menu, select Advanced Features.

In the console tree, click Users.

Where?

• Active Directory Users and Computers/domain node/Users
  
  

Or, click the folder that contains the user account.

In the details pane, right-click the user to which you want to map a certificate, and then click Name Mappings.

In the Security Identity Mapping dialog box, on the X.509 Certificates tab, click Add.

Type the name and path of the .cer file that contains the certificate that you want to map to this user account, and then click Open.

Do one of the following:

• To map the certificate to one account (one-to-one mapping), confirm that both the Use Issuer for alternate security identity check box and the Use Subject for alternate security identity check box are selected.
  
  
• To map any certificate that has the same subject to the user account, regardless of the issuer of the certificate (many-to-one mapping), clear the Use Issuer for alternate security identity check box, and confirm that the Use Subject for alternate security identity check box is selected.
  
  
• To map any certificate that has the same issuer to the user account, regardless of the subject of the certificate (many-to-one mapping), clear the Use Subject for alternate security identity check box, and confirm that the Use Issuer for alternate security identity check box is selected.