MIIS can do this…

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]

I have a DOD customer that is looking to break off a piece of the
organization to stand up its own agency. The DOD customer is currently deployed
in an Active Directory infrastructure with a PKI infrastructure deployed and
smartcards in use. Shortly, the customers will be moved to a completely
new AD infrastructure at their own request. Unfortunately, the organization
will not immediately deploy new certs and smart cards to the staff due to
logistics issues. Smartcard access to DOD systems is an absolute requirement.
Disruption to the user community must be kept to an absolute minimum. The
organization would like to continue to use the existing certs and smartcards with
the new infrastructure.

My question is, assuming that the PKI infrastructure can support the
old certs, is there a way to automate the movement of user certs during the
migration process? Can we automate the publishing of the old certificate from
the old directory into the new directory? Are there existing migration tools out
there that do this (i.e. Quest, Bindview)? Does ADMT do this by default? I've
been reviewing the ADMT documentation and I haven't seen a mention of migrating
user certificates yet. I was thinking to develop some code using CAPICOM to do
this; however, I didn't want to reinvent the wheel.

A second question would be
do both the values in the userCertificate and userSMIMECertificate properties
have to go?

Thanks in advance,

Dave
- RE: [ActiveDir] Moving Certificates between separate AD infra... Jackson Shaw
