KB5014754—Certificate-based authentication changes

49885604 215 Reputation points
2023-06-30T19:33:53.37+00:00

Hi guys,

about the KB5014754 "Certificate-based authentication changes on Windows domain controllers" https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16, I need your support to understand the certificate mappings. I haven't installed the KB yet and the customer asked me for some checks before proceeding.

-> How can I verify those mappings? On my Issuing CA?
-> How can I verify the altSecurityIdentities attributes for a user object as described in the article above?

-> In case I don't have the correct mapping configuration before the KB is installed, how can I make the configuration Strong for all users and certificates before the KB is installed?

Thanks in advance for your support and reply.

Regards,

Alessio.


1 answer

  1. Limitless Technology 44,681 Reputation points
    2023-07-03T12:29:48.6833333+00:00

    Hello there,

    To verify the altSecurityIdentities attribute for a user object, you can follow these steps:

    Connect to Active Directory: Open a PowerShell session with administrative privileges and connect to your Active Directory domain using the following command:

    Import-Module ActiveDirectory

    Retrieve User Object: Use the Get-ADUser cmdlet to retrieve the user object for which you want to verify the altSecurityIdentities attribute. Specify the user's identity, such as username or distinguished name (DN). For example:

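    # altSecurityIdentities is not in Get-ADUser's default property set, so request it explicitly
    $User = Get-ADUser -Identity "JohnDoe" -Properties altSecurityIdentities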

    Check altSecurityIdentities Attribute: Access the altSecurityIdentities attribute of the user object by referring to its property. You can use the following command to display the value of the altSecurityIdentities attribute:

    $User.altSecurityIdentities

    Analyze the Results: The output of the above command will display the value(s) of the altSecurityIdentities attribute for the user object. The altSecurityIdentities attribute is a multi-valued attribute that contains various security identities associated with the user, such as Kerberos principal names, X.509 certificate values, or other security identities.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    Hope this resolves your query!

    --If the reply is helpful, please Upvote and Accept it as an answer--
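
Added example (not part of the question, the answer above, or Microsoft's KB article): it extends the single-user check to every user with an explicit mapping and labels each altSecurityIdentities value with the strong or weak mapping type listed in KB5014754. The function name Get-MappingStrength and the sample strings are constructed for illustration.

```powershell
# Added example: label altSecurityIdentities values by KB5014754 mapping strength.
# Get-MappingStrength and the sample strings below are constructed for illustration.
function Get-MappingStrength {
    param([Parameter(Mandatory)][string]$Mapping)
    # Order matters: test issuer+serial (<I>...<SR>) before issuer+subject (<I>...<S>).
    switch -Regex ($Mapping) {
        '^X509:<I>.*<SR>'    { return 'Strong: X509IssuerSerialNumber' }
        '^X509:<SKI>'        { return 'Strong: X509SKI' }
        '^X509:<SHA1-PUKEY>' { return 'Strong: X509SHA1PublicKey' }
        '^X509:<I>.*<S>'     { return 'Weak: X509IssuerSubject' }
        '^X509:<S>'          { return 'Weak: X509SubjectOnly' }
        '^X509:<RFC822>'     { return 'Weak: X509RFC822' }
        default              { return 'Other: not an X509 mapping' }
    }
}

# Constructed sample values, to show the classifier without touching the directory.
$samples = @(
    'X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<SR>1200000000AC11000000002B',
    'X509:<I>DC=com,DC=contoso,CN=CONTOSO-DC-CA<S>CN=JohnDoe',
    'X509:<RFC822>johndoe@contoso.com'
)
$samples | ForEach-Object { '{0}  ->  {1}' -f (Get-MappingStrength -Mapping $_), $_ }

# Directory-wide report: every user that has at least one explicit mapping.
Import-Module ActiveDirectory
$report = Get-ADUser -LDAPFilter '(altSecurityIdentities=*)' -Properties altSecurityIdentities |
    ForEach-Object {
        $user = $_
        foreach ($value in $user.altSecurityIdentities) {
            [pscustomobject]@{
                SamAccountName = $user.SamAccountName
                Strength       = Get-MappingStrength -Mapping $value
                Mapping        = $value
            }
        }
    }

# Weak mappings are the candidates for replacement with a strong form.
$report | Where-Object Strength -like 'Weak*' | Sort-Object SamAccountName | Format-Table -AutoSize -Wrap
$report | Group-Object Strength | Format-Table Name, Count -AutoSize
```

Users absent from the report have no explicit mapping stored in altSecurityIdentities.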

