Re: ADAM
From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 02/12/04
- Next message: Dmitri Gavrilov [MSFT]: "Re: Accessing LDAP to connect to ADAM instance"
- Previous message: Daniel Calderon: "Re: Reinstall W2K Domain Controller"
- In reply to: donna.tidwell: "Re: ADAM"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: ADAM"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: ADAM"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 12 Feb 2004 15:55:55 -0800
This has nothing to do with LDAP. SiteServer was heavily IIS oriented,
therefore they did this special-case tweak that produces an event in IIS
log. ADAM, a product which is not at all related to SiteServer, does not
know about IIS, neither IIS knows about ADAM. Sorry, you are out of luck
here.
Can you modify your log analyzer program to scan security log instead?
-- Dmitri Gavrilov SDE, Active Directory Core This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm "donna.tidwell" <anonymous@discussions.microsoft.com> wrote in message news:fa8e01c3f1ae$ff34a6b0$a501280a@phx.gbl... > I need the logging be in the IIS log. My log analyzer > program can only read the IIS log. Is there any way to > get ADAM to generate the CS_username variable in the IIS > log? Do you know what generates the CS_username variable > in the IIS log? Site Server's LDAP services put the user > name in the IIS log as the CS_username variable. We are > using an LDAP call to ADAM I was wondering why it is not > sending the information to the IIS log like Site Server's > LDAP. > > > >-----Original Message----- > >If you need logon auditing, then ADAM can do this, > although it will go into > >Security log, not IIS log. Just enable Account Logon > auditing in the group > >policy. You will get an event like this one: > > > >Event Type: Success Audit > >Event Source: Security > >Event Category: Account Logon > >Event ID: 680 > >Date: 2/11/2004 > >Time: 4:39:03 PM > >User: Domain\userName > >Computer: ADAM_MACHINE_NAME > >Description: > >Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 > > Logon account: username > > Source Workstation: CLIENT_MACHINE_NAME > > Error Code: 0x0 > > > > > >For more information, see Help and Support Center at > >http://go.microsoft.com/fwlink/events.asp. > > > > > > > > > >For ADAM users, you will get this kind of audit: > > > >Event Type: Success Audit > >Event Source: Security > >Event Category: Account Logon > >Event ID: 680 > >Date: 2/11/2004 > >Time: 4:38:06 PM > >User: S-1-439939821-1707116567-3694986241-1098450955- > 1252665478-3949904892 > >Computer: ADAM_MACHINE_NAME > >Description: > >Logon attempt by: ADAM_test > > Logon account: CN=test,O=msft,L=wa,C=us > > Source Workstation: - > > Error Code: 0x0 > > > > > >For more information, see Help and Support Center at > >http://go.microsoft.com/fwlink/events.asp. > > > > > > > >-- > >Dmitri Gavrilov > >SDE, Active Directory Core > > > >This posting is provided "AS IS" with no warranties, and > confers no rights. > >Use of included script samples are subject to the terms > specified at > >http://www.microsoft.com/info/cpyright.htm > > > >"Donna.tidwell" <anonymous@discussions.microsoft.com> > wrote in message > >news:ea8601c3f0e7$d1d625d0$a001280a@phx.gbl... > >> The IIS website uses an LDAP call to the ADAM server. > In > >> the past we used Site Server LDAP to authenticate. The > >> Site Server LDAP call logged to the IIS Log. We were > >> wondering if the LDAP call to ADAM could do the same > >> thing, so we can track authenticated users in our > >> reporting tool. Any ideas? > >> > >> > >> >-----Original Message----- > >> >You can not use ADAM for IIS authentication, at least > not > >> directly. ADAM > >> >users can not be impersonated by IIS threads (because > >> they are not windows > >> >security principals), and thus, IIS can not log them in > >> its logs. How > >> >exactly do you use ADAM to do authentication? > >> > > >> >That said, we are working on a proper solution to use > >> ADAM for IIS > >> >authentication. Not quite there yet. > >> > > >> >-- > >> >Dmitri Gavrilov > >> >SDE, Active Directory Core > >> > > >> >This posting is provided "AS IS" with no warranties, > and > >> confers no rights. > >> >Use of included script samples are subject to the terms > >> specified at > >> >http://www.microsoft.com/info/cpyright.htm > >> > > >> >"basin" <donna.tidwell@ipaper.com> wrote in message > >> >news:ed4a01c3f0c4$ce641e70$a601280a@phx.gbl... > >> >> Our web reports have never had any trouble logging > and > >> >> reporting on authenticated users when we use nt > >> >> authentication, site server authentication, etc. > >> >> We moved to ADAM, which requires no special setup in > >> IIS, > >> >> and now we cannot track authenticated users in our > iis > >> log > >> >> files. > >> >> How can we get ADAM to log user info to iis logs?? > >> >> Thanks for any help! > >> > > >> > > >> >. > >> > > > > > > >. > >
- Next message: Dmitri Gavrilov [MSFT]: "Re: Accessing LDAP to connect to ADAM instance"
- Previous message: Daniel Calderon: "Re: Reinstall W2K Domain Controller"
- In reply to: donna.tidwell: "Re: ADAM"
- Next in thread: Joe Kaplan \(MVP - ADSI\): "Re: ADAM"
- Reply: Joe Kaplan \(MVP - ADSI\): "Re: ADAM"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
