This document explains the interdependencies between Active Directory Domain Services (AD DS) and Public Key Infrastructure (PKI) related to Homeland Security Presidential Directive 12 (HSPD-12) smart card logon. Topics concerning the Federal PKI Common Policy Root certificate, Extended Key Usage (EKU) requirements and validation of Personal Identity Verification (PIV) authentication certificates for smart card logon are addressed. This document is written for enterprise information technology professionals who are planning or implementing PIV-II smart card logon in accordance with the HSPD-12 directive. It is assumed that the audience for this document has basic knowledge of Public Key Infrastructure and Smart Card concepts.