Hello, I am currently looking for a way to allow our help desk employees to be able to remove expired published certificates from user accounts in AD. Currently in exchange 2007 we get warnings due to these. Though they are allowed to revoke via Certification Authority snap ins, it seems via the ADUC user properties page/published certificates tab they are not, and as a result the expired certs stay in there. I wonder if there is a better way to streamline it, but for now just to be able to manually do this would be a big help. Would this be done via the Delegate Control Wizard via the users OU? Thanks in advance!

Hi, Please check if granting the Read userCertificate and Write userCertificate permission scan meet the requirement. Thanks.This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

That did it Joson Thanks!

Hi, Glad that it helps. Have a nice day. Joson Zhou TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comThis posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.