Certificates, Autoenrollment, Credential Roaming and User's Personal Store

Giganews Newsgroups
Subject: Certificates, Autoenrollment, Credential Roaming and User's Personal Store
Posted by:  BillL (wla…@yahoo.com)
Date: Tue, 29 Apr 2008

Hi,

I have a user cert set up for autoenrollment.  The cert is published
in AD and the "Do not automatically reenroll if a duplicate
certificate exists in Active Directory" checkbox is checked.  The CA
is a Windows 2003 Enterprise CA.  Credential Roaming is also set up in
the environment.

Autoenrollment and credential roaming seem to be working fine but I do
encounter an issue when a workstation is reimaged or the certs are
deleted from the user's personal store on a workstation.  After one of
these occurrences the user's personal store never gets a copy of the
user's existing certs on that workstation.

The only way to populate the store is to have them issued a new
certificate by deleting the user's certs from the CA and their AD
object.  After this the autoenrollment process will populate the
personal store with a brand new user certificate.

I'd rather not generate a new cert each time.  Is there a way to get
the existing certs automatically copied to the user's personal store
on a workstation?

Thanks for your help.
Bill

Replies