Map a certificate to a user account in Server OS

Membership in Account Operators , Domain Admins , or Enterprise Admins , or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at http://go.microsoft.com/fwlink/?LinkId=83477.

1. To open Active Directory Users and Computers, click Start , click Control Panel , double-click Administrative Tools , and then double-click Active Directory Users and Computers .
   To open Active Directory Users and Computers in Windows Server® 2012, click Start , type dsa.msc .
2. On the View menu, select Advanced Features .
3. In the console tree, click Users .
   Where?
   • Active Directory Users and Computers/ domain node /Users
     
   Or, click the folder that contains the user account.
4. In the details pane, right-click the user to which you want to map a certificate, and then click Name Mappings .
5. In the Security Identity Mapping dialog box, on the X.509 Certificates tab, click Add .
6. Type the name and path of the .cer file that contains the certificate that you want to map to this user account, and then click Open .
7. Do one of the following:
   • To map the certificate to one account (one-to-one mapping), confirm that both the Use Issuer for alternate security identity check box and the Use Subject for alternate security identity check box are selected.
     
   • To map any certificate that has the same subject to the user account, regardless of the issuer of the certificate (many-to-one mapping), clear the Use Issuer for alternate security identity check box, and confirm that the Use Subject for alternate security identity check box is selected.
     
   • To map any certificate that has the same issuer to the user account, regardless of the subject of the certificate (many-to-one mapping), clear the Use Subject for alternate security identity check box, and confirm that the Use Issuer for alternate security identity check box is selected.