RE: [ActiveDir] Moving Certificates between separate AD infrastructures

[walls]

Thanks for all the responses. I'm investigating several tools and actually tracked down the logic to implement the operation. For those that are interested here's the code. I think the below code is a bit inefficient because the only example I could find was taking a cert stored in a text file and then transforming it into a byte array before placing it in the directory. I think the userCertificate is already a byte array so I could probably just ensure I'm using the appropriate variable type for storage and import it directly into the foreign directory rather then importing it into a CAPICOM memory store and then changing it back into a byte array.

 

Thanks,

Dave

 

Sub main()

 

Dim objStore As New Store, objUtilities As New CAPICOM.Utilities, adSysInfo, objForeignUser As IADsUser, objcert As Certificate

 

Set adSysInfo = CreateObject("Adsysteminfo")
Set objUser = GetObject("LDAP://" & adSysInfo.UserName)
Set objProvider = GetObject("LDAP:")
Set objForeignUser = objProvider.OpenDSObject("LDAP://x.x.x.x/cn=Dave,ou=internal,ou=users,ou=xxx,dc=xxxx,dc=xxxx,dc=xxx", "xxxxxxx", "xxxxxxxxxx", ADS_SECURE_AUTHENTICATION)

 

'MsgBox objUser.usercertificate.Count
objcer = objUser.usercertificate(0)
objStore.Open CAPICOM_MEMORY_STORE, "My", CAPICOM_STORE_OPEN_READ_WRITE
objStore.Import objcer
Set objcert = objStore.Certificates(1)
binEnCert = objcert.Export(CAPICOM_ENCODE_BINARY)
arrEnCert = objUtilities.BinaryStringToByteArray(binEnCert)

 

objForeignUser.PutEx 3, "userCertificate", Array(arrEnCert)
objForeignUser.SetInfo

 

End Sub