It is possible to Map a certificate to a Active Directory User Account from
DotNet?
Please provide an example.
Best regards,
Ejnar Jakobsgaard
-------------------------------------------------
To map a certificate to a user account
Open Active Directory Users and Computers.
On the View menu, select Advanced Features.
In the console tree, click Users.
Where?
Active Directory Users and Computers
domain node
Users
Or, click the folder that contains the user account.
In the details pane, click the user account to which you want to map a
certificate.
On the Action menu, click Name Mappings.
In the Security Identity Mapping dialog box, on the X.509 Certificates tab,
click Add.
Type the name and path of the .cer file that contains the certificate you
want to map to this user account, and then click Open.
Do one of the following: To Do this
Map the certificate to one account (one-to-one mapping) Confirm that both
the Use Issuer for alternate security identity and the Use Subject for
alternate security identity check boxes are selected.
Map any certificate that has the same subject to the user account,
regardless of the issuer of the certificate (many-to-one mapping) Clear the
Use Issuer for alternate security identity check box, and confirm that the
Use Subject for alternate security identity check box is selected.
Map any certificate that has the same issuer to the user account, regardless
of the subject of the certificate (many-to-one mapping) Clear the Use Subject
for alternate security identity check box, and confirm that the Use Issuer
for alternate security identity check box is selected.
Notes
To perform this procedure, you must be a member of the Account Operators
group, Domain Admins group, or the Enterprise Admins group in Active
Directory, or you must have been delegated the appropriate authority. As a
security best practice, consider using Run as to perform this procedure.
To open Active Directory Users and Computers, click Start, click Control
Panel, double-click Administrative Tools, and then double-click Active
Directory Users and Computers.
The certificate you are mapping to a user account must be in Distinguished
Encoding Rules (DER) or Base64 encoded binary format. For instructions on
exporting an existing certificate to a .cer file, see Related Topics.