Re: ADAM woes
- From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
- Date: Sun, 13 Aug 2006 17:02:26 -0400
Not to be rude, but you guys don't seem to be very close to being Microsoft specialists to be coming up with Microsoft solutions regardless of how big you are.
Unless you are messing with Exchange and using CDOEXM most apps should be able to utilize AD from a workgroup machine if you actually have a strong understanding of how authentication works. I do a vast majority of my work from workgroup machines because it tends to be safer, plus I work on so many different environments that are unconnected that joining any one doesn't help much. The exception again is for Exchange, if you want to work with Exchange with the official Exchange tool sets you have no choice but to join that specific domain.
Now certainly even if you knew how to work against your production AD, that isn't something that you want to do with dev work is it? Does that make any sense? Of course not. Now you look at pulling the production AD into your test lab and that should be easy enough if you know what you are doing. However, you need to bring the people responsible for AD into the loop on it and they can probably help you with it. They may not want you do to that because depending on the info in the directory, that could actually be dangerous. I know for a fact I could grab most of the info from our corporate directory and put it on my laptop on an ADAM instance but I also know that I could rightfully be fired for doing so because my laptop is not a safe location for that information.
I am not sure how in the world you got an Enterprise Admin ID to your production AD except for paragraph 1.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net
---O'Reilly Active Directory Third Edition now available---
http://www.joeware.net/win/ad3e.htm
Lars W. Andersen wrote:
"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message news:%23W86pAxvGHA.416@xxxxxxxxxxxxxxxxxxxxxxx.Not that I think you're going down the right path, but what you're asking (in my words) is if you should be able to sync the AD to ADAM with adamsync, correct?
Hi Al,
I hear you ... and even though I am working for what is the largest IT service provider in the world (take a guess) having a development machine that is part of an AD ( a competitors product) is not an option. Far-out when we actually need it as we have customers requiring MS solutiong, but sadlye true. Believe me ... us being a MS shop in an anti-MS organisation have tried almost everything. Next time i reinstall my laptop I have sworn that I'm gonna install a W2K3 server and create my own ad ... if nothing else .. out of spite =8-)
Virtualization is an option- but I was looing for something simple and quicker for now.
. You must have Read or Dirsync access to the objects or partitions in the Active Directory forest that you want to synchronize.The user I have on the AD is enterprise admin. That ought to do the trick :)
. You must have full control of an application directory partition on an ADAM instance to run this command.I own that as well.
You should have that via your AD account rights, however you'll run into an issue by not being part of the domain with these workstations because the account you want to use for AD won't be known for the local instance.
Is that just simply not possible? Or is it possible to "breach" the DC security to let me do this?
Another possible way around that would be to install adam on another of the servers on the domain ... sync the ad to that adam and then copy the adam to my local workgroup machine and restore it there?
- Follow-Ups:
- Re: ADAM woes
- From: Lars W. Andersen
- Re: ADAM woes
- References:
- ADAM woes
- From: Lars W. Andersen
- Re: ADAM woes
- From: Al Mulnick
- Re: ADAM woes
- From: Lars W. Andersen
- ADAM woes
- Prev by Date: Re: ACLs have changed
- Next by Date: Re: ADAM woes
- Previous by thread: Re: ADAM woes
- Next by thread: Re: ADAM woes
- Index(es):
Relevant Pages
|
