Issue description   

After upgrading to a newer version of ADManager Plus, users may encounter the error:
"The application certificate is not updated for this tenant." in the Microsoft365 tenant integration configuration.

This occurs because the new version of ADManager Plus uses certificate-based authentication to fetch data securely. Customers upgrading from an older version must update their Microsoft 365 configuration accordingly.

Possible causes   

Prerequisites   

• Global Admin access to the Azure portal.

• Admin access to ADManager Plus.

Resolution 

Step 1: Creating a self-signed certificate   

If you need a self-signed certificate, follow these steps:

1. Navigate to the location of the installation folder of ADManager Plus\bin.

2. Open Windows PowerShell as Administrator.

3. Run the following command to set execution policy:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Scope Process  

4. Execute the Create-selfsignedcertificate.ps1 script.
   

5. When prompted, provide:

• Common Name for the certificate.

• Start and End Date (yyyy-MM-dd format) for validity.

• Password

6. The script generates a .pfx file (contains both public and private keys) in the bin folder.

 Step 2: Uploading the certificate   

1. In ADManager Plus portal, upload the .pfx file in the Microsoft 365 configuration settings.

2. In Azure portal:

• Log in to portal.azure.com.

• Navigate to App Registrations.

• Search for the application using the Client ID (found in ADManager Plus under Directory/Application Settings > Microsoft 365).

• Upload the .cer file in the Certificates & secrets section.

3. Copy the Client Secret from Azure and update it as the Application Secret in ADManager Plus.

Tips   

• Regularly update certificates before expiration to prevent authentication failures.

• Maintain a backup of valid certificates.

• Use a certificate from a trusted CA if possible to enhance security.

How to reach support