Re: AD/AM userCertificate autoenrolement

From: Lee Flight (lef_at_le.ac.uk-nospam)
Date: 05/28/04


Date: Fri, 28 May 2004 10:12:29 +0100

Even though you don't need ADAM in this case, how about if you have
Extranet applications that can use AzMan: could you use ADAM for the name
mapping and the AzMan policy store for those apps?

I guess in terms of the Microsoft prescriptive guidance, which assumes the
Extranet application is IIS, that would only be useful if the "Windows
Directory service mapper" option in IIS could work against ADAM, which
cannot be possible as "Windows Directory" must mean the domain the IIS
server is joined to, so I guess you do need a full AD in the Extranet for
this (IIS) scenario.

Lee Flight

"Dmitri Gavrilov [MSFT]" <dmitrig@online.microsoft.com> wrote in message
news:%23RlI3pGREHA.2824@TK2MSFTNGP12.phx.gbl...

> However, if you have a Windows user that has the same cert, then you can
> authenticate to Windows with this cert. But you don't need ADAM in this
> case.
>
> --
> Dmitri Gavrilov
> SDE, Active Directory Core
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>


