Re: ADAM : Install using Domain users as Admin rights issue
From: Dmitri Gavrilov [MSFT] (dmitrig_at_online.microsoft.com)
Date: 02/17/04
- Next message: Dmitri Gavrilov [MSFT]: "Re: Authenticating ADAM user"
- Previous message: adoyt: "Re: Service Accounts : Best Practice"
- In reply to: Eoin Mooney: "Re: ADAM : Install using Domain users as Admin rights issue"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 17 Feb 2004 10:29:28 -0800
Just one thought. In your setup, do serverA and serverB belong to the same
AD forest/domain?
If not, then you will have some trouble choosing the ADAM admin that can
bind to both instances... One option here would be to use a well-known
principal, such as Builtin Admins. Another option is to add two ADAM admins.
You will have to find the SID of the local user on the second machine, then
bind to the first instance as ADAM admin, and add the user from the second
machine to admins group using its SID, using <SID=S-1-5-xxx-xxx> DN syntax.
-- Dmitri Gavrilov SDE, Active Directory Core This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm "Eoin Mooney" <eoin.mooney@nortelnetworks.com> wrote in message news:11aa501c3f537$1d384820$a601280a@phx.gbl... > See inline > >-----Original Message----- > >Does it really say somewhere that you should use the same > acct for service > >account and ADAM admin account? Where exactly? > > I did a search on Google and found a large chain of > messages in a microsoft news group which eventually led to > the conclusion that the user accounts should be the same , > obviously this is not the case, which is good. > > > >These two accounts are not related. The best option for > your setup is to use > >NetworkService as the service account, and some domain > user or, even better, > >a group as ADAM admin. > > Great that is what I hoped . > > > >You MUST set both service account and admin account > during setup. > > Yep , thanks there . > > > I had got it working [DNS issues it seems] but I used the > same Domain user account for both setup privilidges and > found I could not access the ADAM partition [ADSIEDit] I > created on the 2nd instance of ADAM [A referal from the > server error] but on the PC with the first instance of > ADAM I could connect remotely to the 2nd instance > [ServerB:389] and add and remove elements via this method, > I presume this is because of the users I used when setting > up the instances. > > > Thanks again Dmitri > > > >-- > >Dmitri Gavrilov > >SDE, Active Directory Core > > > >This posting is provided "AS IS" with no warranties, and > confers no rights. > >Use of included script samples are subject to the terms > specified at > >http://www.microsoft.com/info/cpyright.htm > > > >"Eoin Mooney" <eoin.mooney@nortelnetworks.com> wrote in > message > >news:10ce201c3f477$3936bcc0$a001280a@phx.gbl... > >> Hi, > >> > >> I am trying to write up a proceedure [as well as getting > >> ADAM to replicate] for our product that uses ADAM . > >> > >> Our test set-up is > >> > >> Win 2000 Server Domain > >> Win 2003 member server with ADAM. > >> > >> Installing ADAM steps > >> > >> Ist instance setup : Unique > >> > >> Service Account Selection : > >> Domain Users with Run As service set and part of the > >> replicator group [as well as the Admin group] > >> > >> Admin Administators > >> > >> I have tried both : > >> Same as Service Account [as recommended] > >> Administrators group [first on the Win2003 machine and > >> then on the Domain server] > >> > >> But I believe the problem that I am encountering is to > do > >> with the Service Account selection. I get the following > >> error > >> > >> The wizard could not access the registry > >> Error Code : 0x8007054b > >> The specified domain either does not exist of could not > be > >> contacted. > >> > >> Now I will put my hand up and say I am not a n/w or > domain > >> setup expert but as far as we can see the domain > >> controller "seems" setup with the correct Wins and DNS > and > >> users with the appropiate permissions . > >> > >> I am unsure where to post this problem because I dont > know > >> what is is ADAM or Setup [n/w] > >> > >> Does Win 2003 member server need additional setings on > it? > >> Are there special considerations to consider when > setting > >> up replication in a Domain. > >> > >> Also > >> Is is absoultly necessary to have the service account > and > >> the Admin account the same during setup ? I know you can > >> add groups later on but I would perfer to avoid this > extra > >> step . > >> > >> > >> Regards > >> > >> Eoin > >> > > > > > >. > >
- Next message: Dmitri Gavrilov [MSFT]: "Re: Authenticating ADAM user"
- Previous message: adoyt: "Re: Service Accounts : Best Practice"
- In reply to: Eoin Mooney: "Re: ADAM : Install using Domain users as Admin rights issue"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
