
Prevent Symantec Encryption Management Server from harvesting certificates from Active Directory and associating with users


Article ID: 157157




Encryption Management Server, Gateway Email Encryption


By default, Symantec Encryption Management Server reads the UserCertificateBinary attribute in LDAP to find certificates associated with the user. These certificates are used for S/MIME encryption as well as Certificate Enrollment. If this functionality is not needed, or is causing problems such as multiple (unused) certificates being harvested from Active Directory, the behavior can be disabled. Once it is disabled, user certificates from Active Directory are no longer harvested and associated with user accounts on Symantec Encryption Management Server.


Symantec Encryption Management Server has no option in the UI to toggle this setting. To disable this functionality, contact Symantec Encryption Support, who can help modify the setting in the back-end configuration.