Consider the following scenario:

• In an Active Directory Domain Services (AD DS) environment, you apply the Allow user name hint Group Policy setting to the Windows Vista-based or Windows Server 2008-based client computers. This Group Policy setting displays the domain name when a user enters the user name.
• A user uses a Smart Card certificate for authentication during logon.
• The Smart Card certificate has a subject name that is presented in the fully distinguished name (also known as DN) format. Additionally, the domain component of the subject name does not match the domain in the network.

In this scenario, when the user tries to join the domain from a Windows Vista-based or Windows Server 2008-based client computer by using the Smart Card certificate, the user cannot join the domain. This problem occurs even though the name of the domain that the user tries to join is presented by the hint. In this case, the user receives the following error message:

The following error occurred attempting to join the domain Domain_Name:
The specified username is invalid.