question

0 Votes
StevenJohnson-9844 asked StevenJohnson-9844 commented

How to access/sync a user certificate subject cn with AD MA?

I've been asked to sync the user certificate subject cn values from AD domains to AD LDS. Is it possible to access this value with the AD MA? If so, how?

Thanks.

microsoft-identity-manager

1 Answer

0 Votes
MartinRublik-0301 answered StevenJohnson-9844 commented

Not sure if I understand 100%, but if I understood correctly, you need to:
1. get the user certificate from the userCertificate attribute,
2. parse it,
3. extract the subject field, and use the CN component.

You won't be able to do this alone by using AD MA only; you'll need to create an advanced rule that would do the application logic for you (e.g. you need a management agent extension where you would load the userCertificate and parse it using the .NET X509Certificate2 class; see https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2.subjectname?view=net-5.0 for more info).

Another way to do this would be with a PowerShell management agent, where you might directly access the .NET classes and extract the necessary information.

Both ways require some effort and are not entirely straightforward.

Martin
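The three steps in the answer above, sketched in PowerShell as an added example; this is not code from the answer or from any management agent. The function name `Get-UserCertificateSubjectCn` is hypothetical, the input is assumed to be the raw DER byte arrays of the multi-valued userCertificate attribute, and the sample certificate is constructed in memory.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper: userCertificate is multi-valued, each value being one
# DER-encoded certificate. Emits one object per value that parses.
function Get-UserCertificateSubjectCn {
    param([Parameter(Mandatory)] [byte[][]] $UserCertificate)

    # One RDN per line and no quoting, so each component can be matched on its own.
    $flags = [X500DistinguishedNameFlags]::UseNewLines -bor
             [X500DistinguishedNameFlags]::DoNotUseQuotes
    foreach ($der in $UserCertificate) {
        try {
            $cert = [X509Certificate2]::new([byte[]]$der)
        } catch {
            Write-Warning 'Skipping a userCertificate value that is not a parsable certificate'
            continue
        }
        # Keep only the CN component of the subject; $null if the subject has none.
        $cn = $cert.SubjectName.Decode($flags) -split "`r?`n" |
              Where-Object { $_ -match '^CN=' } |
              ForEach-Object { $_.Substring(3) } |
              Select-Object -First 1
        [pscustomobject]@{
            SubjectCn  = $cn
            NotAfter   = $cert.NotAfter    # lets the caller ignore expired certificates
            Thumbprint = $cert.Thumbprint
        }
    }
}

# Constructed sample: a throwaway self-signed certificate stands in for one value
# read from userCertificate (needs .NET Framework 4.7.2+ or PowerShell 7).
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=Jane Doe, OU=Staff, O=Example', $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$now  = [DateTimeOffset]::UtcNow
$test = $req.CreateSelfSigned($now, $now.AddDays(1))

# The second value is deliberately invalid to show that bad attribute data is skipped.
Get-UserCertificateSubjectCn -UserCertificate @($test.RawData, [byte[]](1, 2, 3))
```

Because a user can hold several certificates, the sync rule still has to decide which CN to flow to AD LDS, for example the one with the latest `NotAfter`.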



Thank you for your answer. That's what I needed to know.

0 Votes 0 ·