The following registry entries can be added under the HKEY_CURRENT_USER\Software\Policies\Microsoft\Cryptography\AutoEnrollment subkey to control whether the Credential Roaming feature filters the credential information: 
Name: RoamUnaffiliatedKeys
Type: DWORD
Value: 00000000

Note If the value of the registry entry is not set (for example, if the default value is used) or is zero, keys that are not associated with a certificate are not roamed. Setting the value to 0x1 disables this filter. This enables all CAPI and CNG asymmetric key pairs from Microsoft providers to roam and to be stored in the AD DS database.

Name: RoamUnusedDpapiKeys
Type: DWORD
Value: 00000000

Note If the value of the registry entry is not set (for example, if the default value is used) or is zero, as in the following example, DPAPI keys that do not protect a roamed private key binary large object (BLOB) are not roamed. Setting the value to 0x1 disables this filter and allows for all DPAPI keys to roam and take space in Active Directory.

Name: RoamSmartCardCertificates
Type: DWORD
Value: 00000000