Re: Active Directory or Not

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Jody (anonymous_at_discussions.microsoft.com)
Date: 04/17/04 

Date: Sat, 17 Apr 2004 09:06:39 -0700

The reason I selected Active Directory account mode is
that the TechNet Admin Guide - "Installation: Installation
Considerations for WSS" says the following:

"Domain Account Mode:
This mode is used inside organizations to grant access to
users with existing Microsoft Windows domain accounts."

"Active Directory Account Creation Mode:
This mode is used by Internet Service Providers to create
unique accounts for customers in Active Directory
directory service"

I certainly need to learn more about AD to better
understand the issue(s). However, based on the above
description, it would seem I have no choice since users
are not going to have a domain accounts on the server,
unless, the domain account is only for the person creating
accounts??? My clients / users will be hitting the server
from the internet exclusively.

I will be creating the accounts and adding most of the
users except where customers will be inviting others to
join their specific web space.

I am wondering if I missing something very basic in my
understanding, or lack there of, about AD and how it
works? Would I find more about that in the Windows Server
2003 Documentation?

Eariler Question & Reponse from previous dead thread:

>>>Do you really want to use "Active Directory account
creation mode"? That means that when unknown/new users add
accoutn to WSS, the WSS creates the related AD account. If
you do this, you CANNOT add existing AD users to your WSS
site. In this case, the above statement is true. However,
if you just want to leverage AD accounts created in AD,
then the statement dowsn't apply - so YES, you can load AD
and WSS both on your server.

2. Active Directory on a Domain Controller
>
> The TechNet Admin Guide - "Deployment Scenarios -
Separate
> Active Directory Directory Organization Unit
Deployment"
> says:
>
> "NOTE: Active Directory account creation mode is not
> supported when you install Windows SharePoint
Services to
> a domain controller."
>
> If I understand this correctly, I will require 2
servers
> to run WSS in Active directory mode? If this is
true, is
> there any way around this? Can I utilize the domain
> controller in the other company's network without
> compromising their resources or security?

Relevant Pages

  • Re: Adding External users to WSS
    ... We generate strong passwords and the users are not allowed to change them ... I found this paragraph in WSS 2.0 administrator's ... > "Some organizations may need to be able manage accounts for both internal ... > external customers (not in organization's Active Directory directory ...
    (microsoft.public.sharepoint.windowsservices)
  • RE: How add users to site?
    ... How do I check which mode our WSS is installed in? ... How/Where in Active Directory are these new users added and how are they ... > There are two account mode at WSS: Domain account mode & Active Directory ...
    (microsoft.public.sharepoint.windowsservices)
  • Re: KDC error suggestions?
    ... I have followed the steps in the Microsoft Article that you referred to. ... we need to locate the machine accounts that have the ... > 250455 How to Change Display Names of Active Directory Users ... I have the Windows Support Tools installed that some have ...
    (microsoft.public.windows.server.sbs)
  • Re: Active Directory Value Proposition
    ... > backup purposes - which leads to centralized backups (including open file ... > 1) Central administration of accounts, permissions, and policy. ... > What are the risks? ... >> Would you recommend using Active Directory in a small-business setting? ...
    (microsoft.public.win2000.active_directory)
  • Re: 2000 server and 2000 pro network
    ... I set up accounts from the server using ... these are in a workgroup called CMT. ... but a regular user cannot login using network ... Microsoft Windows MVP - Active Directory ...
    (microsoft.public.win2000.dns)