Dean Plante (Guest)
Posted: Tue Jan 18, 2005 9:27 pm
Post subject: ADAM-Active Directory Password Synchronization

Is it possible to sync the passwords from Active Directory to an ADAM
instance using the ADAMSYNC tool? Also, is it possible to bring in the
sAMAccountName attribute from AD to ADAM?
Thanks

Lee Flight (Guest)
Posted: Tue Jan 18, 2005 10:22 pm
Post subject: Re: ADAM-Active Directory Password Synchronization

Hi
inline below...
"Dean Plante" <Dean Plante@discussions.microsoft.com> wrote in message
news:D1748932-64AB-472F-8743-42E44216C7E0@microsoft.com...
> Is it possible to sync the passwords from Active Directory to an ADAM
> instance using the ADAMSYNC tool?
No, you cannot synch the password because you cannot read it from AD.
> Also, is it possible to bring in the
> sAMAccountName attribute from AD to ADAM?
I believe so. I do not think it was included in the AD Schema ldf that comes
with the ADAMSync beta, but you could add your own schema extension.
Generally you do not need the samaccountname and password from AD,
as an ADAM instance can authenticate domain users against AD and those
users can then be granted access to the ADAM instance.
Lee Flight

Dean Plante (Guest)
Posted: Wed Jan 19, 2005 9:57 pm
Post subject: Re: ADAM-Active Directory Password Synchronization

Will this authentication work if the server running ADAM is not part of the
domain?

Lee Flight (Guest)
Posted: Thu Jan 20, 2005 1:53 am
Post subject: Re: ADAM-Active Directory Password Synchronization

Authenticating against the domain requires the ADAM instance to
be on a domain member server, else you would need a way for the
ADAM server to figure out who the authenticator should be. That
might be technically possible, but I do not think it can happen at present
with ADAM.
Windows accounts local to a standalone ADAM server can be
authenticated by the ADAM instance.
Lee Flight

Dean Plante (Guest)
Posted: Thu Jan 20, 2005 2:27 am
Post subject: Re: ADAM-Active Directory Password Synchronization

Lee,
Does the ADAM reviewers guide explain how to set up authentication to AD if
the ADAM server is part of the domain? If not, where can I find
documentation on how to accomplish this?
Thanks for your help

Lee Flight (Guest)
Posted: Thu Jan 20, 2005 3:18 am
Post subject: Re: ADAM-Active Directory Password Synchronization

Hi
For authentication there's nothing to configure; it just works, in that
if you bind to an ADAM instance that is on a server in a domain
using domain credentials, ADAM takes those credentials and presents
them to a domain DC for authentication. However, that does not buy
you much, as by default the access control in the ADAM instance will
not permit you to see any data in the instance.
So it's the access control rather than the authentication that needs
configuration. See
ADAM Help > Understanding ADAM > Access control
and
ADAM Help > Administering ADAM > Administering access control
That last explains that there are two options: (coarse-grained) adding the
Well-Known SID for Authenticated Users in the ADAM readers role or
(fine-grained) adding domain-specific SIDs to objects.
Lee Flight
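
The coarse-grained option from the last reply, written out as an added example (not part of the original thread or of the ADAM documentation): an LDIF change that places the well-known Authenticated Users SID, S-1-5-11, in the Readers role of one application partition. The partition DN O=Example,C=US is a constructed placeholder, and the role is assumed to live in the partition's CN=Roles container.

```ldif
# Added example, not from the thread.
# O=Example,C=US is a constructed placeholder: substitute the DN of the
# application partition whose data domain users should be able to read.
#
# Effect: every principal that authenticates through the domain, computer
# accounts included, becomes a member of this partition's Readers role.
# The grant is per partition; other partitions in the instance keep
# their default access control.
#
# Windows security principals are referenced in ADAM group membership
# by SID, using the <SID=...> form rather than a DN.
dn: CN=Readers,CN=Roles,O=Example,C=US
changetype: modify
add: member
member: <SID=S-1-5-11>
-

# To revert, apply the same record with "delete: member" in place of
# "add: member".
```

The file can be imported with ldifde in import mode (`-i -f <file>`), pointing `-s` and `-t` at the ADAM instance's server name and LDAP port, while bound as an administrator of the instance.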