Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
Updated: May 5, 2010
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
User Principal Name (UPN) mapping is a special case of one-to-one mapping used in Active Directory. In Windows Server® 2008 R2, it is possible to turn off UPN mapping on a domain and use other explicit mapping by disabling the Subject Alternative Name (SAN) through the Registry Editor.
This setting is typically used when the deployed client certificate contains a SAN extension with a value you wish to ignore in favor of an explicit mapping.
Disabling the SAN for UPN mapping
Open the Registry Editor
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc.
Change the value of the DWORD UseSubjectAltName to 00000000.
Note
The value of UseSubjectAltName needs to be set on all KDCs for the domain.
Additional Information
For a clearer understanding of SAN and UPN mapping:
Refer to Smart card logon flow found in Windows Vista and Windows 7 in the article, Certificate Enumeration on Microsoft TechNet (https://go.microsoft.com/fwlink/?LinkId=186251).
Refer to the Smart card logon flow found in Windows Vista Smart Card Infrastructure on the Microsoft Download Center (https://go.microsoft.com/fwlink/?LinkID=111969).