Reputation: 93
Set Active Directory “Security Identity Mapping” / “Name Mapping” with C#/Powershell does not add to the right "store"
I have followed this guide: https://blogs.msdn.microsoft.com/adpowershell/2009/04/26/working-with-certificates-in-active-directory-powershell/
The certificate is successfully added to the Published Certificates of the user. But it's not what I really want.
Instead I want the certificate to be added to the X509 Certificates of the AD user (Name Mapping / Security Identity Mapping in Active Directory)
Is there a way to do this in C# or Powershell?
Upvotes: 1
Views: 9310
Answers (1)
Reputation: 93
So I've resolved the problem by following this guide.
Changed the command a little bit suggested by Mathias.
Set-ADUser -Certificates
Then followed this guide to fill in the parameters of altSecurityIdentities.
Now my certificate is added to X509 Certicates in Security Identity Mapping.
Here is my code:
Set-ADUser USERNAME -Add @{'altSecurityIdentities'="X509:<I>C=BE,CN=Citizen CA,SERIALNUMBER=********<S>C=BE,CN=FIRSTNAME (Authentication),SN=LASTNAME,G=FIRSTNAME,SERIALNUMBER=***********"}
Note: you can get the X509 parameters (Issuer and Subject) by opening the certificate.
I hope this can help someone else with the same problem. And thanks again Mathias!
Upvotes: 1
Related Questions
- Changing Attribute Name in Active Directory with Powershell
- The name 'ConfigurationManager' does not exist in the current context
- Powershell: Find users with the same attribute value in Active Directory
- Powershell Script to Install Certificate Into Active Directory Store
- Active directory commands not working in powershell
- How do I look up Active Directory from powershell with multiple variables?
- Powershell Security Identity Mapping/Name mapping in Active Directory
- x509 authentication with Active directory using Spring security
- Active directory Add-QADUser-what's the unique identifier?
- Set Active Directory "Security Identity Mapping" / "Name Mapping" with C#/Powershell