Re: ADAM

From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 02/12/04


Date: Wed, 11 Feb 2004 16:40:13 -0800

If you need logon auditing, then ADAM can do this, although it will go into
the Security log, not the IIS log. Just enable Account Logon auditing in the
group policy. You will get an event like this one:

Event Type: Success Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 2/11/2004
Time: 4:39:03 PM
User: Domain\userName
Computer: ADAM_MACHINE_NAME
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 Logon account: username
 Source Workstation: CLIENT_MACHINE_NAME
 Error Code: 0x0

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

For ADAM users, you will get this kind of audit:

Event Type: Success Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 2/11/2004
Time: 4:38:06 PM
User: S-1-439939821-1707116567-3694986241-1098450955-1252665478-3949904892
Computer: ADAM_MACHINE_NAME
Description:
Logon attempt by: ADAM_test
 Logon account: CN=test,O=msft,L=wa,C=us
 Source Workstation: -
 Error Code: 0x0

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

-- 
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Donna.tidwell" <anonymous@discussions.microsoft.com> wrote in message
news:ea8601c3f0e7$d1d625d0$a001280a@phx.gbl...
> The IIS website uses an LDAP call to the ADAM server.  In
> the past we used Site Server LDAP to authenticate.  The
> Site Server LDAP call logged to the IIS Log.  We were
> wondering if the LDAP call to ADAM could do the same
> thing, so we can track authenticated users in our
> reporting tool. Any ideas?
>
>
> >-----Original Message-----
> >You can not use ADAM for IIS authentication, at least not directly. ADAM
> >users can not be impersonated by IIS threads (because they are not windows
> >security principals), and thus, IIS can not log them in its logs. How
> >exactly do you use ADAM to do authentication?
> >
> >That said, we are working on a proper solution to use ADAM for IIS
> >authentication. Not quite there yet.
> >
> >-- 
> >Dmitri Gavrilov
> >SDE, Active Directory Core
> >
> >This posting is provided "AS IS" with no warranties, and confers no rights.
> >Use of included script samples are subject to the terms specified at
> >http://www.microsoft.com/info/cpyright.htm
> >
> >"basin" <donna.tidwell@ipaper.com> wrote in message
> >news:ed4a01c3f0c4$ce641e70$a601280a@phx.gbl...
> >> Our web reports have never had any trouble logging and
> >> reporting on authenticated users when we use nt
> >> authentication, site server authentication, etc.
> >> We moved to ADAM, which requires no special setup in IIS,
> >> and now we cannot track authenticated users in our iis log
> >> files.
> >> How can we get ADAM to log user info to iis logs??
> >> Thanks for any help!
> >
> >
> >.
> >
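
Added example (not part of the original posting and not Microsoft code): a parser that turns Event ID 680 records, in the text layout shown in the reply above, into per-logon rows that a reporting tool could consume in place of the IIS log. It assumes the events were exported as text with blank lines between records; the name `parse_680` and the abbreviated sample records are constructed here.

```python
import re

# Constructed sample: two Event ID 680 records, abbreviated from the layout in the post.
SAMPLE = """\
Event Type: Success Audit
Event ID: 680
Date: 2/11/2004
Time: 4:39:03 PM
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 Logon account: username
 Source Workstation: CLIENT_MACHINE_NAME
 Error Code: 0x0

Event Type: Success Audit
Event ID: 680
Date: 2/11/2004
Time: 4:38:06 PM
Logon attempt by: ADAM_test
 Logon account: CN=test,O=msft,L=wa,C=us
 Source Workstation: -
 Error Code: 0x0
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*)$")

def parse_680(text):
    """Return one dict per Event ID 680 record found in exported event text."""
    logons = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1).strip()] = m.group(2).strip()
        if fields.get("Event ID") != "680":
            continue
        source = fields.get("Logon attempt by", "")
        logons.append({
            "when": f'{fields.get("Date", "")} {fields.get("Time", "")}'.strip(),
            "account": fields.get("Logon account", ""),
            # Assumption from the post's single sample: an ADAM_ prefix marks an ADAM user.
            "directory": "ADAM" if source.startswith("ADAM_") else "Windows",
            "workstation": fields.get("Source Workstation", "-"),
            # Assumption: 0x0 means the logon was accepted; anything else is a failure.
            "ok": int(fields.get("Error Code", "0x1"), 16) == 0,
        })
    return logons
```

For ADAM users the `account` value is the distinguished name and the workstation is `-`, so the DN is the key to join on in reports.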

