Re: Azman: AzAuthorizationStoreClass.Initialize

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

the impersonation is working without problems
the. The service account we are using to do impersonation
is in the Admintrator role. in ADAM

I add to the serice account to the reader role in ADAM.
Made no difference same error. Access Denied on Initialize

Running XP2 SP2 and Server 2003 SP1.
Posted this in the DotNetSecurity newsgroup

"Dustin" wrote:

> mwr,
> Make sure of a couple things..
>
> make sure to have <identity impersonate='true' />
> and MOST IMPORTANTLY !!!
>
> <deny users="?" />
>
> Since your Using AzMan. Its Recommended that you also use a Network Service
> account that your application impersonates as.
>
> Another thing you can try,
>
> Make sure in your Roles under AzMan. The account your impersonating as is in
> the Readers Role. And Administrators Role.
>
>
> "mwr" wrote:
>
> > I thought you might say that, but wasnt sure what newsgroup to try.
> > Its basically the permissions that the Microsoft.Interop.security.AzRoles.dll
> > needs to Intialize the application store in ADAM
> >
> > "Joe Kaplan (MVP - ADSI)" wrote:
> >
> > > You might want to try one of the programming oriented newsgroups like
> > > ms.public.dotnet.security,ms.pub.dotnet.framework.aspnet.security or
> > > ms.pub.platformsdk.security.
> > >
> > > Joe K.
> > >
> > > "mwr" <mwr@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > > news:447FAFBF-BFC5-439C-BE82-7AF94259846B@xxxxxxxxxxxxxxxx
> > > >I am calling AzAuthorizationStoreClass.Initialize
> > > > and i am getting an access denied. My app is an
> > > > asp.net and i am doing impersonation. The 'Initialize'
> > > > method works if i add the user acount doing the impersonation
> > > > to the admininistrator group on the local machine
> > > > but fails otherwise.
> > > >
> > > > I dont want to have to make the account doing the
> > > > impersonation and admin of the box. What permissions
> > > > do i need to set in order for the method call to succeed
> > > > without being an admin of the box.
> > > >
> > > >
> > >
> > >
> > >
.

Relevant Pages

  • Re: Change ADAM Service A/c Password
    ... We have used this username whne we installed ADAM initially. ... and also update service a/c credential for existing adam instance. ... So which account is your *ADAM* Administrator account? ... The procedure for updating the service account in ADAM is here. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Change ADAM Service A/c Password
    ... So which account is your *ADAM* Administrator account? ... The procedure for updating the service account in ADAM is here. ...
    (microsoft.public.windows.server.active_directory)
  • Re: How to add domain groups to be administrators of an ADAM insta
    ... will change the service account correctly (service.msc is just ... The domain account you specify ... This should be covered in the ADAM Help file, ... >> An ADAM administrator is an account with control over the ADAM ...
    (microsoft.public.windows.server.active_directory)
  • Re: Azman: AzAuthorizationStoreClass.Initialize
    ... What is the account that is used to run azman? ... Does ADAM live on the same ... The service account we are using to do impersonation ...
    (microsoft.public.windows.server.active_directory)
  • Re: Change ADAM Service A/c Password
    ... this user is part of build-in administrator group of ADAM installed ... and also update service a/c credential for existing adam instance. ... So which account is your *ADAM* Administrator account? ... The procedure for updating the service account in ADAM is here. ...
    (microsoft.public.windows.server.active_directory)