![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 85%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,983 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 60%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
I was also looking into this, and found that the documentation for that alternativeSecurityIds field is defined here. Granted that document also outlines the correct way to go about joining a machine, rather than simply creating the device object. I was able to successfully generate a test device object by setting alternativeSecurityIds based on the description in that document.
To quote the document:
The Alt-Security-Identities attribute ([MS-ADA1] section 2.61) is a multi-valued UNICODE_STRING attribute (see [MS-ADTS] section 3.1.1.2.2.2, the String(Unicode) syntax). The value is formatted as follows: "X509:<SHA1-TP-PUBKEY>[thumbprint]+[publickeyhash]" where [thumbprint] is the SHA1 hash of a certificate and [publickeyhash] is the base64-encoded SHA1 hash of the X.509 certificate public key [RFC5280].