If the YubiKey tokens you have purchased are in OATH-HOTP mode, you must import the YubiKey token objects into Active Directory before you can use them with Defender. The import uses the .txt import file (also known as the key file), which contains the token object definitions. You can then assign the imported token objects to users as necessary.

Normally, the .txt import file is provided together with the YubiKey tokens. Before importing token objects, you need to modify the .txt import file so that Defender can read its contents.

To enable the use of YubiKey working in OATH-HOTP mode

  1. Change the file name extension of the .txt import file to .csv.
  2. Open the .csv file in Microsoft Excel. The .csv file looks similar to the following:

The columns in the file contain the following:

  • A: YubiKey serial number.
  • B: 160-bit secret set.
  • C: Moving factor seed value.
  • D: Configuration password. Contains zeros if the configuration password is not set.
  3. Delete column D.
  4. Save the .csv file. Now the file is ready for import.
NOTE: Keep the initial .txt file containing the passwords associated with each of the YubiKeys, to program the second slot through the Yubico interface later.
  5. Import token objects from the .csv file into Active Directory. For instructions, see Importing hardware token objects.
  6. Assign the imported YubiKey token objects to users as necessary. For instructions, see Assigning a hardware token object to a user.
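
The file preparation described above (dropping the configuration password column and saving the result as .csv) can also be scripted, which keeps serial numbers and secrets as plain text instead of letting a spreadsheet reinterpret values that look like numbers. The following Python sketch is an added example, not part of the Defender documentation or tooling. It assumes a comma-separated key file with the four columns listed above and a secret written as 40 hexadecimal characters; the function name and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Assumption: the 160-bit secret is written as 40 hexadecimal characters.
HEX_160 = re.compile(r"[0-9A-Fa-f]{40}")

# Constructed sample key file (not real token data): serial, secret, seed, password.
SAMPLE = (
    "01234567,00112233445566778899aabbccddeeff00112233,0,000000000000\n"
    "01234568,1234567890123456789012345678901234567e12,0,a1b2c3d4e5f6\n"
    "01234569,0011223344556677,0,000000000000\n"
)

def strip_config_passwords(key_file_text):
    """Return (csv_text, errors) with column D removed from every valid row."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\r\n")
    errors, seen = [], set()
    for lineno, row in enumerate(csv.reader(io.StringIO(key_file_text)), start=1):
        fields = [f.strip() for f in row]
        if not any(fields):
            continue  # ignore blank lines
        # Error messages carry line numbers only, never the secret or password.
        if len(fields) != 4:
            errors.append(f"line {lineno}: expected 4 columns, found {len(fields)}")
        elif not fields[0] or fields[0] in seen:
            errors.append(f"line {lineno}: missing or duplicate serial number")
        elif not HEX_160.fullmatch(fields[1]):
            errors.append(f"line {lineno}: secret is not 40 hex characters")
        elif not fields[2].isdigit():
            errors.append(f"line {lineno}: moving factor seed is not a number")
        else:
            seen.add(fields[0])
            writer.writerow(fields[:3])  # columns A-C kept as text, D dropped
    return out.getvalue(), errors

if __name__ == "__main__":
    csv_text, errors = strip_config_passwords(SAMPLE)
    print(f"{len(csv_text.splitlines())} token rows ready for import")
    for message in errors:
        print("rejected:", message)
```

The second sample row has a secret that a spreadsheet could read as a number in scientific notation, and the third is rejected because its secret is too short to be 160 bits.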