How to Access a Client Authentication Certificate in the Active Directory (216904)


The information in this article applies to:

  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Services version 6.0
This article was previously published under Q216904

SUMMARY

You can access a user's Client Authentication certificate from the Microsoft Windows Active Directory. A Client Authentication certificate is an optional UserCertificate property on the user object.

MORE INFORMATION

The following Visual Basic or Visual Basic Script code will access the UserCertificate object:

Dim oUser, vCert
Dim strName, strDN
StrName = "CN=Frodo Baggins"
StrDN = "CN=Users,DC=iis,DC=nttest,DC=microsoft,DC=com"
Set oUser = GetObject("LDAP://" & strName & "," & strDN)
vCert = oUser.userCertificate
Set oUser = Nothing

The strDN must be replaced with the domain information for your environment. In this example, it is set to the Users object in the IIS.nttest.microsoft.com domain.

You can set a user's client authentication certificate by using the Directory Management administration tool.

Note If Microsoft Certificate Services is installed, then the certificate is automatically added to the user's list of certificates when the client requests a certificate.
Modification Type:MajorLast Reviewed:6/24/2004
Keywords:kbhowto KB216904
©2004 Microsoft Corporation. All rights reserved.