Blog Post

Ask the Directory Services Team

11 MIN READ

Understanding and Troubleshooting - Strong Certificate Name Mapping in Active Directory

Chris_Cartwright

Microsoft

Sep 05, 2025

The hardening cometh and that right soon

Hello team, Manuel here. In recent years, Microsoft has introduced Strong Certificate Name Mapping (Strong Mapping) as a requirement for certificate-based authentication in Active Directory environme...

Published Sep 05, 2025

Version 1.0

Chris_Cartwright

Microsoft

Joined July 07, 2020

View Profile

Ask the Directory Services Team

Follow this blog board to get notified when there's new activity

rje45

Copper Contributor

Sep 10, 2025

Chris_Cartwright is there any update the SID mapping for on-prem CA certificates when usesubjectaltname=0? We've opened three cases with Microsoft on this issue and you provided info in one of them for a KIR to enable weak mappings when the SID extension is present and usesubjectaltname=0. We were told the feature would be enabled by default for Server 2022 in this month's cumulative patch. The feature preview doesn't appear to allow weak mappings when strong enforcement is enabled.