Subject: Certificates, Autoenrollment, Credential Roaming and User's Personal Store
Posted by: BillL (wla…@yahoo.com)
Date: Tue, 29 Apr 2008

I have a user cert set up for autoenrollment. The cert is published
in AD and the "Do not automatically reenroll if a duplicate
certificate exists in Active Directory" checkbox is checked. The CA
is a Windows 2003 Enterprise CA. Credential Roaming is also set up in
Autoenrollment and credential roaming seem to be working fine but I do
encounter an issue when a workstation is reimaged or the certs are
deleted from the user's personal store on a workstation. After one of
these occurrences the user's personal store never gets a copy of the
user's existing certs on that workstation.

The only way to populate the store is to have them issued a new
certificate by deleting the user's certs from the CA and their AD
object. After this the autoenrollment process will populate the
personal store with a brand new user certificate.

I'd rather not generate a new cert each time. Is there a way to get
the existing certs automatically copied to the user's personal store
on a workstation?

Thanks for your help.