Joining a machine to the domain using a smart card

The smart card certificate should meet one of the following conditions:

  • The DN contains the DNS domain name. If it does not, resolution to the appropriate domain will fail, and TS and domain join with the smart card will fail.
  • The smart card certificate contains a UPN whose domain part resolves to the actual domain.

Otherwise, the workaround is to supply a hint in the credentials user interface for domain join (enabled via the GPO setting X509HintsNeeded).
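A way to check a certificate against the two conditions above before attempting the join. This is an added example, not part of the original post: the function name Test-SmartCardDomainCondition and the HintNeeded field are hypothetical, and it assumes the card's certificate is visible in the current user's certificate store and that a plain DNS lookup is an adequate stand-in for "resolves to the domain".

```powershell
# Added example (hypothetical helper): report whether a certificate carries a
# domain name in its DN or a resolvable UPN suffix, per the conditions above.
function Test-SmartCardDomainCondition {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Condition 1: DC= components in the subject DN spell the DNS domain name.
        # Assumption: values are joined in the order Windows prints the subject.
        $dc = [regex]::Matches($Certificate.Subject, '(?i)(?:^|,\s*)DC=([^,]+)') |
              ForEach-Object { $_.Groups[1].Value.Trim() }
        $dnDomain = if ($dc) { $dc -join '.' } else { $null }

        # Condition 2: UPN from the subject alternative name; keep the part after '@'.
        $upn = $Certificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::UpnName, $false)
        $upnDomain = if ($upn -match '@(.+)$') { $Matches[1] } else { $null }

        # Resolve each candidate; a name that does not resolve fails the condition.
        $resolved = @{}
        foreach ($name in @($dnDomain, $upnDomain) | Where-Object { $_ } | Select-Object -Unique) {
            $resolved[$name] = [bool](Resolve-DnsName -Name $name -ErrorAction SilentlyContinue)
        }

        $dnOk  = [bool]($dnDomain  -and $resolved[$dnDomain])
        $upnOk = [bool]($upnDomain -and $resolved[$upnDomain])

        [pscustomobject]@{
            Subject     = $Certificate.Subject
            DnDomain    = $dnDomain
            DnResolves  = $dnOk
            Upn         = $upn
            UpnResolves = $upnOk
            # Neither condition met: expect to need the X509HintsNeeded workaround.
            HintNeeded  = -not ($dnOk -or $upnOk)
        }
    }
}

# Check every certificate in the current user's personal store.
Get-ChildItem Cert:\CurrentUser\My | Test-SmartCardDomainCondition | Format-List
```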

To deploy root certificates on smart card for the currently joined domain, you can use the following command:

certutil -scroots
