IIS can use AD DS as its mapping directory. As mentioned earlier, the advantage of using AD DS is that the mapping is available on multiple Web servers (as long as they are members of the forest) and can be used by applications other than Web browsers.
The following steps enable IIS to use Active Directory mapping:
Create a certificate template for user authentication.
Define the mappings in AD DS.
Enable IIS to use certificate mapping.
Enable the directory service mapper.
The first step in setting up a certificate mapping in AD DS is to design a certificate template that allows a user to authenticate in a Web browser. The user certificate must meet the following requirements: ...