jbla9028 (asker) asked:

User Certificate Auto Enrollment fails when certificate is to be stored in AD

I am working on auto-enrollment of PKI certificates. I got everything working but when I auto-enroll the user certificate, the certificate is not auto-enrolled when this checkbox is enabled. If I uncheck it on the template, the user gets a new certificate. I'm assuming there's a certificate somewhere in AD I might have to clear out? Any help would be appreciated.

[Screenshot: Template Properties]
Tags: Windows Server 2012, Active Directory

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION by FOX (solution text not available on this page)

jbla9028 (asker):
Thanks. In the article I see this:

"Note: If the CA administrator configured the templates to not duplicate certificates if one already exists in Active Directory, you will have to delete the user’s certificate in Active Directory in order for Autoenrollment to pull down a new certificate."


How do I delete the user's certificate? Where does it get stored? I figured under "user mappings", but I don't see anything there.

Rahul Ramachandran:
For deleting DC certificates follow the below steps

1) While logged on as a member of the local Administrators group, start the Microsoft Management console.

2) Add the Certificates MMC Snap-In.

3) Select Computer Account when prompted to select an account to manage. In the Certificates MMC Snap-In, navigate to Personal in the left pane.

4) In the right pane, determine the domain controller certificate(s) by the template name as shown in the Certificate Templates column or select the certificate(s) by their intended purpose.

5) Delete the certificate(s) by selecting Delete on the Action menu.

6) Close the MMC Snap-In and log off.


User certificates are stored in the below location (local):

In Run, type certmgr.msc, then look under Personal - Certificates.
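The Active Directory location the asker is looking for is the userCertificate attribute on the user object: that is where the CA publishes a copy of the issued certificate when the template has "Publish certificate in Active Directory" set, and it is what the "Do not automatically reenroll if a duplicate certificate exists in Active Directory" option checks before issuing. Clearing the local store in certmgr.msc does not touch it. The PowerShell below is an added example, not code from the original thread or from any of its posters; it lists the certificates published on a user object and removes those issued from a named template so the next autoenrollment pass issues a fresh one. The sAMAccountName and template name are placeholders, the RSAT ActiveDirectory module is assumed to be installed, and the template match is a plain substring match on the template extension text (V2 templates may show up by OID rather than display name, in which case match on the OID instead).

```powershell
# Added example (not from the original thread). Lists the DER certificates
# published in a user's userCertificate attribute and, with -Remove, strips
# the ones issued from the given template so autoenrollment re-issues.
param(
    [string]$SamAccountName = 'jdoe',   # assumption: placeholder user
    [string]$TemplateName   = 'User',   # assumption: template display name or OID
    [switch]$Remove
)

Import-Module ActiveDirectory

$user = Get-ADUser -Identity $SamAccountName -Properties userCertificate

# userCertificate is multi-valued; each value is one DER-encoded certificate.
$published = foreach ($raw in $user.userCertificate) {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)

    # V1 templates carry "Certificate Template Name" (1.3.6.1.4.1.311.20.2);
    # V2+ templates carry "Certificate Template Information" (1.3.6.1.4.1.311.21.7).
    $tpl = ($cert.Extensions |
        Where-Object { $_.Oid.Value -in '1.3.6.1.4.1.311.20.2', '1.3.6.1.4.1.311.21.7' } |
        ForEach-Object { $_.Format($false) }) -join '; '

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Template   = $tpl
        Raw        = [byte[]]$raw
    }
}

"Certificates published on $($user.DistinguishedName):"
$published | Format-Table Subject, Thumbprint, NotAfter, Template -AutoSize

# Only the certificates from the template being autoenrolled are candidates;
# leaving other published certificates (e.g. S/MIME) in place is deliberate.
$stale = $published | Where-Object { $_.Template -like "*$TemplateName*" }

if (-not $stale) {
    "No published certificate matches template '$TemplateName'; nothing to remove."
}
elseif ($Remove) {
    foreach ($s in $stale) {
        # -Remove deletes just this one value from the multi-valued attribute;
        # -Clear userCertificate would wipe every published certificate instead.
        Set-ADUser -Identity $user -Remove @{ userCertificate = $s.Raw }
        "Removed $($s.Thumbprint) (expires $($s.NotAfter)) from userCertificate"
    }
    "Now trigger autoenrollment on the client: certutil -pulse (as the user) or gpupdate /force."
}
else {
    "Would remove $($stale.Count) certificate(s); re-run with -Remove to apply."
}
```

Run it first without -Remove to see what the CA has published for the account, then with -Remove once you have confirmed the thumbprints are the old certificates for the template in question. The write to userCertificate requires rights on the user object (Domain Admins, or delegated write to that attribute), and replication lag means a CA on another site may still see the old value for a few minutes.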