Credential Roaming
Credential roaming allows organizations to store certificates and private keys in Active Directory Domain Services (AD DS) separately from application state or configuration information.
How credential roaming works
Credential roaming uses existing logon and autoenrollment mechanisms to securely download certificates and keys to a local computer whenever a user logs on and, if desired, remove them when the user logs off. In addition, the integrity of these credentials is maintained under any conditions, such as when certificates are updated and when users log on to more than one computer at a time.
The following steps describe how digital credential roaming works.
Note: Newly issued certificates are stored in the certificate store on the client computer and replicated to AD DS.
Important: In multi-domain environments and domains with multiple domain controllers, credentials may not be immediately available when a user logs on to the network by using one domain controller shortly after being issued a certificate on a computer that validates the user's identity against a different domain controller. The credentials will only become available after replication has been completed between the two domains or domain controllers.
Credential roaming is triggered any time a private key or certificate in the user's local certificate store changes, whenever the user locks or unlocks the computer, and whenever Group Policy is refreshed.
All certificate-related communication between components on the local computer and between the local computer and AD DS is signed and encrypted.
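To check the replication caveat in the Important note above, the roaming state of one user can be compared across domain controllers. This is an added example, not part of the original Microsoft text; it assumes the ActiveDirectory PowerShell module, that roamed credentials are held in the user object's `msPKIAccountCredentials`, `msPKIDPAPIMasterKeys` and `msPKIRoamingTimeStamp` attributes (names not given on this page), and a placeholder account `jdoe`.

```powershell
# Added example: compare a user's credential roaming state on every DC of the
# current domain. Only entry counts and the timestamp are read, never key material.
Import-Module ActiveDirectory

function Get-RoamingReplicationState {
    param(
        [Parameter(Mandatory)] [string] $Identity   # sAMAccountName or DN of the user
    )
    # Assumption: these are the attributes credential roaming writes to the user object.
    $attrs = 'msPKIAccountCredentials', 'msPKIDPAPIMasterKeys', 'msPKIRoamingTimeStamp'

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $Identity -Server $dc.HostName `
                            -Properties $attrs -ErrorAction Stop
            $stamp = $u.msPKIRoamingTimeStamp
            [pscustomobject]@{
                DomainController  = $dc.HostName
                Site              = $dc.Site
                # Counts are 0 when the attribute is unset or not readable by the caller.
                CredentialEntries = ($u.msPKIAccountCredentials | Measure-Object).Count
                MasterKeyEntries  = ($u.msPKIDPAPIMasterKeys | Measure-Object).Count
                RoamingTimeStamp  = if ($stamp) { [BitConverter]::ToString([byte[]]$stamp) }
                                    else { '<not set>' }
            }
        } catch {
            # An unreachable DC is reported rather than silently skipped.
            [pscustomobject]@{
                DomainController  = $dc.HostName
                Site              = $dc.Site
                CredentialEntries = $null
                MasterKeyEntries  = $null
                RoamingTimeStamp  = "<query failed: $($_.Exception.Message)>"
            }
        }
    }
}

$state = @(Get-RoamingReplicationState -Identity 'jdoe')   # 'jdoe' is a placeholder
$state | Format-Table -AutoSize

# Differing timestamps or counts mean replication has not yet converged, so a
# logon validated by a lagging DC will not receive the newest certificate.
$distinct = @($state | ForEach-Object {
    '{0}|{1}|{2}' -f $_.RoamingTimeStamp, $_.CredentialEntries, $_.MasterKeyEntries
} | Select-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning 'Roaming attributes differ between domain controllers; replication is still pending.'
}
```

`Get-ADDomainController -Filter *` covers only the current domain, so in a multi-domain forest the check has to be repeated per domain.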
✍: Microsoft
2016-07-17