SimpleSync from CPS Systems can do this.
Jerry
Jerry Welch
CPS Systems
US/Canada: 888-666-0277
International: +1 703 827 0919 (-4 GMT)
IP Phone (Skype): Jerry_Welch ( www.skype.net )
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, February 07, 2006 3:58 PM
To: [email protected]
Subject: [ActiveDir] Moving Certificates between separate AD infrastructures
I have a DOD customer that is looking to break off a piece of the
organization to stand up its own agency. The DOD customer is currently deployed
in an Active Directory infrastructure with a PKI infrastructure deployed and
smartcards in use. Shortly, the customers will be moved to a completely new
AD infrastructure at their own request. Unfortunately, the organization will not
immediately deploy new certs and smart cards to the staff due to logistics
issues. Smartcard access to DOD systems is an absolute requirement. Disruption
to the user community must be kept to an absolute minimum. The organization
would like to continue to use the existing certs and smartcards with the new
infrastructure.
My question is, assuming that the PKI infrastructure can support the old
certs, is there a way to automate the movement of user certs during the
migration process? Can we automate the publishing of the old certificate from
the old directory into the new directory? Are there existing migration tools out
there that do this (i.e. Quest, Bindview)? Does ADMT do this by default? I've
been reviewing the ADMT documentation and I haven't seen a mention of migrating
user certificates yet. I was thinking to develop some code using CAPICOM to do
this; however, I didn't want to reinvent the wheel. A second question would be
do both the values in the userCertificate and userSMIMECertificate properties
have to go?
Thanks in advance,
Dave
