How to Verify That a Digital Certificate Has Been Added to a User's Active Directory Account


This topic explains how to verify that a digital certificate has been added to a user's Active Directory Account for the purposes of setting up a PKI/Exchange test environment.

The computer account and domain names used in this procedure are based on the test environment described in Implementing an Exchange 2003-Based Message Security System in a Test Environment.

Before You Begin

Either at the console or through a terminal session, log on to CONT-CA01 as a member of the Certification Authority Administrators group.


To verify that the certificate has been added to a user's Active Directory account

  1. Click Start, point to All Programs, point to Administrative Tools, and then click Active Directory Users and Computers.

  2. Click View, and then click Advanced Features.

  3. In the left pane, click the Users folder.

  4. In the right pane, double-click one of the test users.

  5. Click the Published Certificates tab.

  6. In the List of X509 certificates published for the user account list, you should see the user's digital certificate from the Windows CA along with any other digital certificates stored for this user in Active Directory.

    User's digital certificate in Active Directory