Auto enrollment seems to have gone crazy for one user and given them hundreds of certificates?
i'm trying to remove the them from the userCertificate attribute but its going to take years as i have to do one at a time. ADSIedit is no different from the attributes tab in ADUC unless i'm missing something?
Isn't that due to them getting one certificate per user / per machine? I was under the impression that happened for users if they didn't have a roaming profile?
okay, i will check that out, tbh i need to remove the certificates right now. i have turned off auto-enrollment.
edit: just checked they have a roaming profile.
I remember looking at certificates a while back, I just use the computer certificates for wireless authentication, so didn't look too far into the user ones. Is it just that user that gets the multiple certificates?
Originally Posted by oxide54
Do you have your renewal period on the certificates set at a really low timeframe? I have 3 certificates attached to my user, which is one for each renewal cycle by the look of it.
Use of credential roaming for user certificates is recommended | Space for Claus Jespersen
dunno i turned it off for now as I only need computer certs for 802.1x