Re: ADAM ADSI

From: Lee Flight (lef_at_le.ac.uk-nospam)
Date: 11/24/04 

Date: Wed, 24 Nov 2004 13:57:29 -0000

Hi

ADAM permissions are somewhat restrictive by default. To enable
users or groups to read from an application partition you will need
to add them to the builtin Readers role/group for that partition. See
the

 ADAM help file
           Administering ADAM
                  Administering access control

If you fire up ADSIedit and bind to the application partition then you
should find that you can edit the member attribute on
 cn=Readers,cn=Roles
under the partition head to add ADAM or Windows principals.

The ADAM technical reference

http://www.microsoft.com/downloads/details.aspx?familyid=96c660f7-d932-4f59-852c-2844b343f3e0&displaylang=en

has some useful in this area, p.63 onwards.

Lee Flight

"Owen Oriaku" <akuchigo@yahoo.com> wrote in message
news:b70ef34.0411240528.5057633c@posting.google.com...
> Hi there,
>
> I am having a weired problem with Active Directory Application Mode. I
> recently installed AD/AM on my Laptop running MS Windows 2003 Server,
> using a windows account that has got admin rights. this was the
> account that I used in logging into the computer.
>
> During the installation, I created the DN as O=OPRA,C=UK. Also I was
> able to create an Authorization store with the following
> "CN=azPolicy,OU=ADAM users,O=OPRA,C=UK". When I try to access this
> store from Authorization Manager using the original account that was
> used in setting up AD/AM, I could access the store. But when I log in
> as a different user and try to access the store from Authorization
> Manager, I get the error "System could not find the specified file".
>
> Further investigating the problem, I found out that I couldn't access
> the Application Partition "O=OPRA,C=UK", using the new user windows
> account. This goes to tell me that there is a permission thing going
> on that I can't figure out.
>
> What do I need to do to AD/AM to be able to access the application
> partition created by different windows account users?
>
> Regards
> Owen Oriaku

Relevant Pages

  • Limited user loses access to backup partion...
    ... For months I have used another partition to store my data. ... If I do not set my account up as another computer ... administrator, my OE files fail to load, I can not write to some of my ...
    (microsoft.public.windowsxp.general)
  • Limited user loses access to backup partion...
    ... For months I have used another partition to store my data. ... If I do not set my account up as another computer ... administrator, my OE files fail to load, I can not write to some of my ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Makecert & ADAM
    ... cert from the local computer store to the "Personal" store for the adam ... the cert with the private key into the Personal store of the account under ... which my ADAM is instance is running. ... I've even went so far as logging into the account that ADAM is running ...
    (microsoft.public.windows.server.active_directory)
  • Re: Problems with adding an account store
    ... you do this when you run the ADAM ... syntax for partition names in ADAM to the "DC" style that AD uses, ... I am trying to create an ADAM Account Store with the "Account Store ...
    (microsoft.public.windows.server.active_directory)
  • AzMan & ADAM
    ... The only way I can get AzMan to check operations / Roles is if the account ... that access the store is defined as administratoir within ADAM is there any ...
    (microsoft.public.windows.server.active_directory)
Loading