I recently completed implementation of credential roaming in my environment, primarily for 802.1x Wireless Authentication.
We've had some new laptops join the domain and found that the user's certificate from Active Directory is not being imported into the local user certificate store on these new computers. I have tried:
- certutil -pulse, which did not import the user certificate into the local store.
- revoking the existing user certificate on the CA and deleting the certificate from the user object in Active Directory. User now has no certificate, and logoff/logon does not generate a new one.
I know that the policy applies because the new computers have a computer certificate.
So I have some immediate questions:
1. Is there a easy way to import the user certificate in Active Directory to the local certificate store on the computer?
2. What methods can I use to troubleshoot the enrollment for the new user certificate?
3. In some cases, a user's local profile was backed up from their old computer and restored to the new one. Would this process also restore the user's personal certificate profile? Where is this content within the user's profile?
Thanks in advance for your guidance.