Re: Oh.... I'm just wondering who's seen this stumper...



In news:eKrq18esGHA.4784@xxxxxxxxxxxxxxxxxxxx,
Joe Richards [MVP] <humorexpress@xxxxxxxxxxx> stated, which I commented on
below:
Oh, to add on, using LDAP to update attributes works in a delegated
manner, I have seen it in hundreds of production forests and thousands
of test forests. If delegating specific attributes to a user and that
user can't write them then they

a. Aren't authenticating properly
b. Aren't using LDAP properly
c. Aren't just updating those attributes or are updating those
attributes incorrectly.

Joe,

I was following this thread and initially I thought to ask how
authentication is written in the script. Now that you mentioned A above, I wonder
if it matters, especially in a multi-domain forest, or the fact that LDAP
requires it, to authenticate using the UPN (username@xxxxxxxxxx) instead of
an NTLM method (domain\user)? I think if it were the domain admin that
cached credentials are used, but any other account would require specific
authentication? Am I off base?


--
Ace
Innovative IT Concepts, Inc
Willow Grove, PA

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Having difficulty reading or finding responses to your post?
Instead of the website you're using, I suggest using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. This is a direct link to the Microsoft Public
Newsgroups. It is FREE and requires NO ISP's Usenet account. OEx allows you
to easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject.
It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

Infinite Diversities in Infinite Combinations
Assimilation Imminent. Resistance is Futile
"Very funny Scotty. Now, beam down my clothes."

The only constant in life is change...
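
A pre-flight check for the three failure causes Joe lists, as an added PowerShell example that is not part of either post: it binds with the delegated account's explicit credentials, asks the directory which attributes that account can actually write on the target object (`allowedAttributesEffective`), and then commits a change to that one attribute only. The server name, target DN, attribute and value are hypothetical placeholders.

```powershell
# Added example. All four values below are hypothetical placeholders.
$server    = 'dc01.example.com'
$targetDn  = 'CN=Test User,OU=Staff,DC=example,DC=com'
$attribute = 'telephoneNumber'      # the attribute that was delegated
$newValue  = '+1 555 0100'          # constructed sample value

# (a) Authenticate explicitly as the delegated account instead of relying on
#     whatever credentials the current session happens to hold.
$cred = Get-Credential -Message 'Delegated account (not an administrator)'
$auth = [System.DirectoryServices.AuthenticationTypes]::Secure -bor
        [System.DirectoryServices.AuthenticationTypes]::Sealing
$entry = New-Object System.DirectoryServices.DirectoryEntry(
    "LDAP://$server/$targetDn",
    $cred.UserName,
    $cred.GetNetworkCredential().Password,
    $auth)

try {
    # The bind happens on first access. A failure here is an authentication
    # or connectivity problem, not a delegation problem.
    try {
        $entry.psbase.RefreshCache([string[]]@('allowedAttributesEffective'))
    } catch {
        throw "Bind or read failed for $($cred.UserName): $($_.Exception.Message)"
    }

    # (b) allowedAttributesEffective is computed by the domain controller for
    #     the bound identity: the attributes this account may write here.
    $writable = @($entry.psbase.Properties['allowedAttributesEffective'])
    if ($writable -notcontains $attribute) {
        throw "'$attribute' is not writable by $($cred.UserName) on $targetDn. " +
              "Check the ACE on the object and the scope of the delegation."
    }

    # (c) Touch only the delegated attribute, so the pending change contains
    #     nothing the account has no right to write.
    $entry.psbase.Properties[$attribute].Value = $newValue
    try {
        $entry.psbase.CommitChanges()
        "Updated $attribute on $targetDn as $($cred.UserName)"
    } catch {
        throw "Write rejected by the directory: $($_.Exception.Message)"
    }
}
finally {
    $entry.psbase.Dispose()
}
```

Which of the three messages appears tells you whether the problem is the bind, the delegation itself, or the content of the write.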

