Your network contains an Active Directory domain named contoso.com. The domain contains a server named
Server1 that runs Windows Server 2012. Server1 has the Active Directory Certificate Services server role
installed and is configured as an enterprise root certification authority (CA).
You plan to implement Encrypting File System (EFS) on all client computers.
Users use different client computers.
You need to prevent the users from receiving a different EFS certificate on each client computer.
What should you implement?
More than one answer choice may achieve the goal. Select the BEST answer.

A.
Credential roaming

B.
Roaming user profiles

C.
PFX files on an external USB disk

D.
Folder Redirection

Explanation:
You must enable Credential roaming so that whatevermachine a user logs on to, their credentials follow them.
This may use up extensive space in Active Directory.
A certificate is enrolled to a computer where a user is logged on interactively.
With credential roaming, the certificate and also the corresponding key pair are uploaded into the user’s object
in Active Directory about 10 seconds after certificate enrollment.
If the domain consists of multiple domain controllers, Active Directory replication will make the updated user
object available to all other domain controllers within the domain.
If the same user who was previously enrolled for a certificate logs on to a different computer or terminal server
session, credential roaming will synchronize the user’s local
certificate store with the certificates that are stored in Active Directory.