Re: AzMan & ADAM
- From: "Dmitri Gavrilov [MSFT]" <dmitrig@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 16 Jun 2005 13:41:42 -0700
AzMan must be writing something somewhere. I don't know where, sorry. To
find out what it is writing, you can enable auditing in the tree, and
examine security logs to see which LDAP operations it is performing. In ADAM
V1, you need to write script to modify SACLs. However, if you download R2
Beta2, then you can use LDP.exe from R2 ADAM package -- this one has a
builtin ACL editor.
Another option is to set DirectoryAccess logging to 4 or 5 -- you should
then see an event in the ADAM evenlog corresponding to each ldap operation
being performed.
--
Dmitri Gavrilov
SDE, DS Admin eXperience
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Robert Rolls" <implatform@xxxxxxxxxxxxxxx> wrote in message
news:ez6$PvlcFHA.720@xxxxxxxxxxxxxxxxxxxxxxx
> The only way I can get AzMan to check operations / Roles is if the account
> that access the store is defined as administratoir within ADAM is there
> any way I can make him a reader than an administrator?
>
> Robert.
>
.
- Follow-Ups:
- Re: AzMan & ADAM
- From: Shawn Wu [MS Security]
- Re: AzMan & ADAM
- References:
- AzMan & ADAM
- From: Robert Rolls
- AzMan & ADAM
- Prev by Date: Windows 2000 DC's bringing in 2003 DC's
- Next by Date: Re: SDDL confirmation -- Set event log security for the domain
- Previous by thread: AzMan & ADAM
- Next by thread: Re: AzMan & ADAM
- Index(es):
Relevant Pages
|
