In larger organizations, it can be opaque how many business certificates users use and whether or not a user has a backup stored somewhere.
Usually, when a disk fails, it is discovered that the user does not have a backup. To prevent this, credential roaming is introduced, which means that all the user’s personal certificates are stored in Active Directory.
The user can then log on to any other computer in the same domain and will have their personal certificates uploaded.
Checking
1. Log on to computer1 as User1.
2. Run certmgr.msc and request a user certificate.
3. View the certificate and record the serial number on a piece of paper.
4. Log off
5. Log on to a different computer (Computer2) as User1
6. Run certmgr.msc
7. Look at the personal store, you should have a certificate there.
8. View the certificate and confirm that the certificate has the same serial number
This assumes both computers are domain joined and the Credential Roaming GPO is defined and linked