Question
I have followed this guide: https://blogs.msdn.microsoft.com/adpowershell/2009/04/26/working-with-certificates-in-active-directory-powershell/
The certificate is successfully added to the Published Certificates of the user. But it's not what I really want.
Instead I want the certificate to be added to the X509 Certificates of the AD user (Name Mapping / Security Identity Mapping in Active Directory)
Is there a way to do this in C# or PowerShell?
Answer 1:
So I've resolved the problem by following this guide.
https://blogs.msdn.microsoft.com/adpowershell/2009/04/26/working-with-certificates-in-active-directory-powershell/
Changed the command a little bit, as suggested by Mathias.
Set-ADUser -Certificates
Then followed this guide to fill in the parameters of altSecurityIdentities.
https://blogs.msdn.microsoft.com/spatdsg/2010/06/18/howto-map-a-user-to-a-certificate-via-all-the-methods-available-in-the-altsecurityidentities-attribute/
Now my certificate is added to X509 Certificates in Security Identity Mapping.
Here is my code:
Set-ADUser USERNAME -Add @{'altSecurityIdentities'="X509:<I>C=BE,CN=Citizen CA,SERIALNUMBER=********<S>C=BE,CN=FIRSTNAME (Authentication),SN=LASTNAME,G=FIRSTNAME,SERIALNUMBER=***********"}
Note: you can get the X509 parameters (Issuer and Subject) by opening the certificate.
I hope this can help someone else with the same problem. And thanks again Mathias!
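The following is an added example, not part of the original answer: it builds the altSecurityIdentities string from a certificate file instead of copying the Issuer and Subject by hand, reversing the RDN order so the result matches the form used in the answer. It also shows the Issuer plus serial number form, which goes beyond what the answer uses. The function names, `$CertPath` and `$UserName` are assumptions.

```powershell
# Added example (not the answerer's code). Assumes the RSAT ActiveDirectory module;
# $CertPath and $UserName are placeholders.
Import-Module ActiveDirectory

function ConvertTo-AltSecDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # .NET prints the most specific RDN first ("SERIALNUMBER=..., CN=..., C=BE");
    # the mapping string in the answer lists them the other way round ("C=BE,CN=...").
    # Split only at commas that begin a new KEY= pair.
    # Assumption: no value contains a comma followed by text that looks like "KEY=".
    $rdns = @($DistinguishedName -split ',\s*(?=[A-Za-z0-9.]+=)')
    [array]::Reverse($rdns)
    $rdns -join ','
}

function Get-AltSecIssuerSubject {
    # Same form as the answer: X509:<I>issuer<S>subject
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    'X509:<I>{0}<S>{1}' -f (ConvertTo-AltSecDN $Certificate.Issuer),
                           (ConvertTo-AltSecDN $Certificate.Subject)
}

function Get-AltSecIssuerSerial {
    # X509:<I>issuer<SR>serial, with the serial number's bytes in reverse order
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $hex   = $Certificate.SerialNumber            # hex string, two characters per byte
    $bytes = for ($i = $hex.Length - 2; $i -ge 0; $i -= 2) { $hex.Substring($i, 2) }
    'X509:<I>{0}<SR>{1}' -f (ConvertTo-AltSecDN $Certificate.Issuer), (-join $bytes)
}

$CertPath = 'C:\temp\user-auth.cer'               # placeholder path
$UserName = 'USERNAME'                            # placeholder account
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

$mapping = Get-AltSecIssuerSubject $cert          # or: Get-AltSecIssuerSerial $cert
$mapping                                          # review the string before writing it
Set-ADUser $UserName -Add @{ altSecurityIdentities = $mapping }

# Read the attribute back to confirm what was stored
(Get-ADUser $UserName -Properties altSecurityIdentities).altSecurityIdentities
```

Microsoft's certificate-based authentication hardening treats the Issuer plus Subject form as a weak mapping and the Issuer plus serial number form as a strong one, so check which form your domain controllers accept before choosing.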
Source: https://stackoverflow.com/questions/36334935/set-active-directory-security-identity-mapping-name-mapping-with-c-powers