Re: ADAM "add application partition" using LDIFDE
- From: "Lee Flight" <lef@xxxxxxxxxxxxxxx>
- Date: Tue, 17 Jan 2006 23:49:32 -0000
OK I think understand this a little better now, one thing I am still
struggling with is:
> then things are simple. However, if it is not, then the instance attempts
> to create the crossRef remotely on the naming fsmo, while attempting to
> impersonate the caller. This actually requires special work to setup
> connection (enabling delegation). DSmgmt does this work, but LDIFDE it is
> not likely going to work.
I'm not sure how dsmgmt achieves this as I do not understand how the
delegation
is working; if this were AD and so the DSAs were DCs then as DC are trusted
for delegation I could see this working. For ADAM say the servers are just
domain
members and so not trusted for delegation by default I would see this as the
calling application running (dsmgmt) in the user context making a request
for ticket to access the member server that is the FSMO? I'm probably
misunderstanding the security
context; I'll try a packet sniff...
Lee Flight
.
- Follow-Ups:
- Re: ADAM "add application partition" using LDIFDE
- From: Dmitri Gavrilov [MSFT]
- Re: ADAM "add application partition" using LDIFDE
- References:
- ADAM "add application partition" using LDIFDE
- From: Greg Williams
- Re: ADAM "add application partition" using LDIFDE
- From: Lee Flight
- Re: ADAM "add application partition" using LDIFDE
- From: Dmitri Gavrilov [MSFT]
- ADAM "add application partition" using LDIFDE
- Prev by Date: DNS Zone conflict
- Next by Date: Re: Moving machine accounts from one ou to another
- Previous by thread: Re: ADAM "add application partition" using LDIFDE
- Next by thread: Re: ADAM "add application partition" using LDIFDE
- Index(es):
Relevant Pages
|
