Map an account from a trusted non-Windows kerberos realm to a user account

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To map an account from a trusted non-Windows kerberos realm to a user account

  1. Open Active Directory Users and Computers.

  2. On the View menu, click Advanced Features.

  3. In the console tree, click Users.

    Where?

    • Active Directory User and Computers/Domain Name/Users
  4. In the details pane, right-click the user account to which you want to map a certificate, and then click Name Mappings.

  5. On the Kerberos Names tab, click Add.

Notes

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

  • To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Mapping certificates to user accounts
Map a certificate to a user account