How to check Credential Roaming

In larger organizations, it can be opaque how many business certificates users use and whether or not a user has a backup stored somewhere.

Usually, when a disk fails, it is discovered that the user does not have a backup. To prevent this, credential roaming is introduced, which means that all the user’s personal certificates are stored in Active Directory.

The user can then log on to any other computer in the same domain and will have their personal certificates uploaded.


1. Log on to computer1 as User1.

2. Run certmgr.msc and request a user certificate.

3. View the certificate and record the serial number on a piece of paper.

4. Log off

5. Log on to a different computer (Computer2) as User1

6. Run certmgr.msc

7. Look at the personal store, you should have a certificate there.

8. View the certificate and confirm that the certificate has the same serial number

This assumes both computers are domain joined and the Credential Roaming GPO is defined and linked


Works as system engineer in Slovenian Enterprise in Microsoft environment focusing on security, deployments, SharePoint, SCCM and CheckPoint firewall. Author of successful blog about IT security, Microsoft tips & tricks, social media, internet trends.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.