After upgrading to a newer version of ADManager Plus, users may encounter the following error in the Microsoft 365 tenant integration configuration:
"The application certificate is not updated for this tenant."
This occurs because the new version of ADManager Plus uses certificate-based authentication to fetch data securely. Customers upgrading from an older version must update their Microsoft 365 configuration accordingly.
Global Admin access to the Azure portal.
Admin access to ADManager Plus.
If you need a self-signed certificate, follow these steps:
Navigate to the bin folder under the ADManager Plus installation folder (ADManager Plus\bin).
Open Windows PowerShell as Administrator.
Run the following command to set the execution policy for the current PowerShell process only:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Scope Process
Execute the Create-selfsignedcertificate.ps1 script.
When prompted, provide:
Common Name for the certificate.
Start and End Date (yyyy-MM-dd format) for validity.
Password
The script generates a .pfx file (contains both public and private keys) in the bin folder.
In the ADManager Plus portal, upload the .pfx file in the Microsoft 365 configuration settings.
In the Azure portal:
Log in to portal.azure.com.
Navigate to App Registrations.
Search for the application using the Client ID (found in ADManager Plus under Directory/Application Settings > Microsoft 365).
Upload the .cer file in the Certificates & secrets section.
Copy the Client Secret from Azure and update it as the Application Secret in ADManager Plus.
Regularly update certificates before expiration to prevent authentication failures.
Maintain a backup of valid certificates.
Use a certificate from a trusted CA if possible to enhance security.
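To confirm that the certificate uploaded in ADManager Plus matches the one in Azure, and to catch expiry ahead of time, the .pfx can be inspected from PowerShell. The script below is an added example, not part of ADManager Plus or its Create-selfsignedcertificate.ps1 script. The file path, the 30-day threshold and the output file name are assumptions, and it assumes the .cer uploaded to Azure is the public certificate from the same .pfx.

```powershell
# Added example: inspect a .pfx and export its public certificate.
# $PfxPath is a placeholder; point it at the .pfx generated in the bin folder.
$PfxPath  = 'C:\path\to\certificate.pfx'
$WarnDays = 30   # assumed renewal threshold, adjust to your rotation policy

# Prompt for the password so it never appears in the script or shell history.
$password = Read-Host -AsSecureString -Prompt 'PFX password'

# Get-PfxData reads the file without importing it into a certificate store.
$pfx  = Get-PfxData -FilePath $PfxPath -Password $password
$cert = $pfx.EndEntityCertificates | Select-Object -First 1
if (-not $cert) { throw "No end-entity certificate found in $PfxPath" }

$now      = Get-Date
$daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

# The thumbprint and dates shown here should match the entry listed under
# Certificates & secrets for the app registration in the Azure portal.
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotBefore  = $cert.NotBefore
    NotAfter   = $cert.NotAfter
    DaysLeft   = $daysLeft
} | Format-List

if ($now -lt $cert.NotBefore) {
    Write-Warning "Certificate is not valid until $($cert.NotBefore)."
} elseif ($daysLeft -lt 0) {
    Write-Warning "Certificate expired on $($cert.NotAfter). Replace it in both portals."
} elseif ($daysLeft -le $WarnDays) {
    Write-Warning "Certificate expires in $daysLeft day(s). Schedule a renewal."
}

# Export only the public certificate. The private key stays in the .pfx,
# which is the only file that should be uploaded to ADManager Plus.
# -NoClobber refuses to overwrite an existing file of the same name.
$cerPath = "$PfxPath.public.cer"
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT -NoClobber | Out-Null
Write-Host "Public certificate written to $cerPath"
```

A thumbprint mismatch between this output and the Azure entry means the two portals hold different certificates, and authentication will fail until they are brought back in line.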