Re: CAPICOM and Enumerating AD Store

From: Shawn Corey [MSFT] (shawncor_at_online.microsoft.com)
Date: 06/14/04


Date: Mon, 14 Jun 2004 11:42:32 -0700

Browsing the AD store is a bit different from browsing the local stores:
instead of store names like My or Root, you supply the CN of the user. If the
DN for a user is "CN=A User, DC=Foo, DC=Com" then you would use a store open
like

oStore.Open CAPICOM_ACTIVE_DIRECTORY_USER_STORE, "CN=A User"

The full DN is not entered, just the CN= part.
This seems a little counter to the way CAPICOM opens stores on the
local machine, but it gives the ability to browse cert stores for different
users by supplying their CN, making it easy to get encryption certs and such
for them.

-- 
Thanks,
Shawn
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"BobO" <anonymous@discussions.microsoft.com> wrote in message
news:37320CC2-45A9-4638-8CCC-2245CE0BBC5B@microsoft.com...
> I am not having luck viewing the AD Store using VBScript.  Views of local
> stores work, but a call to the AD Store always returns "The search filter
> cannot be recognized".  Any code samples to help here in VBScript?  I would
> like to dump all certs...
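
The store open described in the reply above, carried through to a full certificate listing for one user. This is an added example, not code from the original post or from Microsoft; the script name `adcerts.vbs`, the variable names and the DN check are assumptions, and the two constants are the numeric values of the CAPICOM enumerations (AD stores are opened read-only).

```vbscript
' Added example: list the certificates published in AD for one user.
' Run as: cscript //nologo adcerts.vbs "CN=A User"   (script name is an assumption)
Option Explicit

Const CAPICOM_ACTIVE_DIRECTORY_USER_STORE = 3
Const CAPICOM_STORE_OPEN_READ_ONLY = 0

Dim sCN, oRe, oStore, oCert, sState

If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: cscript adcerts.vbs ""CN=A User"""
    WScript.Quit 1
End If
sCN = Trim(WScript.Arguments(0))

' The store name is only the CN= part; reject a full DN before calling Open.
Set oRe = New RegExp
oRe.IgnoreCase = True
oRe.Pattern = ",\s*(DC|OU)="
If UCase(Left(sCN, 3)) <> "CN=" Or oRe.Test(sCN) Then
    WScript.Echo "Pass only the CN= part, e.g. ""CN=A User"""
    WScript.Quit 1
End If

Set oStore = CreateObject("CAPICOM.Store")
On Error Resume Next
oStore.Open CAPICOM_ACTIVE_DIRECTORY_USER_STORE, sCN, CAPICOM_STORE_OPEN_READ_ONLY
If Err.Number <> 0 Then
    WScript.Echo "Open failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 2
End If
On Error GoTo 0

WScript.Echo oStore.Certificates.Count & " certificate(s) for " & sCN
For Each oCert In oStore.Certificates
    ' Flag certificates outside their validity period so stale entries stand out.
    If oCert.ValidToDate < Now Then
        sState = "EXPIRED"
    ElseIf oCert.ValidFromDate > Now Then
        sState = "NOT YET VALID"
    Else
        sState = "in validity period"
    End If
    WScript.Echo "Subject:    " & oCert.SubjectName
    WScript.Echo "Issuer:     " & oCert.IssuerName
    WScript.Echo "Serial:     " & oCert.SerialNumber
    WScript.Echo "Thumbprint: " & oCert.Thumbprint
    WScript.Echo "Valid:      " & oCert.ValidFromDate & " to " & oCert.ValidToDate & " (" & sState & ")"
    WScript.Echo
Next
```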

