---
title: ActiveDirectoryCertificate
framework: devicemanagement
role: symbol
role_heading: Device Management Profile
path: devicemanagement/activedirectorycertificate
---

# ActiveDirectoryCertificate

The payload that configures Active Directory Certificate settings.

## Declaration

```data
object ActiveDirectoryCertificate
```

## Properties

AllowAllAppsAccess: If true, gives apps access to the private key. Available: macOS 10.10+ CertificateAcquisitionMechanism: This value is most commonly RPC; if using web enrollment, use HTTP. Available: macOS 10.8+ CertificateAuthority: The name of the certificate authority (CA), which is determined from the common name (CN) of the Active Directory entry. Valid values: CN= CN=Certification Authorities CN=Public Key Services CN=Services CN=Configuration CN= Available: macOS 10.8+ CertificateRenewalTimeInterval: The number of days in advance of certificate expiration that the notification center notifies the user. CertServer: The fully qualified host name of the CA. CertTemplate: The certificate template for your environment. The default user certificate value is `User`. The default computer certificate value is `Machine`. Description: A user-friendly description of the certification identity. EnableAutoRenewal: If true, the certificate obtained with this payload attempts auto-renewal. Auto-renewal can only be used with device Active Directory certificate payloads. Available: macOS 10.13.4+ KeyIsExtractable: If true, the system allows exporting the private key. Available: macOS 10.10+ Keysize: The RSA key size for the certificate signing request (CSR). Available: macOS 10.11+ PromptForCredentials: If true, the system prompts the user for credentials when is installs the profile. This key applies only to user certificates with the Manual Download profile delivery method. Omit this key for computer certificates. Available: macOS 10.8+

## Discussion

Discussion Specify com.apple.ADCertificate.managed as the payload type. To get a certificate from a Microsoft CA, follow the instructions at Request a certificate from a Microsoft Certificate Authority. Profile availability  |   |   |   |   |   |   |   |  Example Profile <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict>     <key>PayloadContent</key>     <array>         <dict>             <key>CertServer</key>             <string>server.example.com</string>             <key>CertTemplate</key>             <string>MachineUser</string>             <key>CertificateAcquisitionMechanism</key>             <string>RPC</string>             <key>CertificateAuthority</key>             <string>Example</string>             <key>Description</key>             <string>Active Directory Certificate</string>             <key>PromptForCredentials</key>             <false/>             <key>PayloadIdentifier</key>             <string>com.example.myADcertpayload</string>             <key>PayloadType</key>             <string>com.apple.myadcertificate.managed</string>             <key>PayloadUUID</key>             <string>59729e65-4c09-4fa1-b367-7a38cfd1b190</string>             <key>PayloadVersion</key>             <integer>1</integer>         </dict>     </array>     <key>PayloadDisplayName</key>     <string>Active Directory Certificate</string>     <key>PayloadIdentifier</key>     <string>com.example.myprofile</string>     <key>PayloadType</key>     <string>com.apple.ADCertificate.managed</string>     <key>PayloadUUID</key>     <string>55a22a34-02b7-49d8-8116-ea95c3545261</string>     <key>PayloadVersion</key>     <integer>1</integer> </dict> </plist>

## See Also

### Certificates

- [ACMECertificate](devicemanagement/acmecertificate.md)
- [CertificatePEM](devicemanagement/certificatepem.md)
- [CertificatePKCS1](devicemanagement/certificatepkcs1.md)
- [CertificatePKCS12](devicemanagement/certificatepkcs12.md)
- [CertificateRoot](devicemanagement/certificateroot.md)
- [CertificatePreference](devicemanagement/certificatepreference.md)
- [CertificateRevocation](devicemanagement/certificaterevocation.md)
- [CertificateTransparency](devicemanagement/certificatetransparency.md)
- [SCEP](devicemanagement/scep.md)