Re: ADAM woes
- From: "Joe Kaplan \(MVP - ADSI\)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 13 Aug 2006 16:12:51 -0500
I'm pretty sure you can supply credentials to ADAMSync in order to access
AD. The domain membership thing makes it convenient, but I don't think it
is necessary. Unfortunately, I'm not an ADAMSync expert, so I don't know
exactly how to do it. :)
I think the approach you are taking (with a local ADAM instance) could work
fine, as long as you are doing mostly LDAP stuff against AD and know where
they differ.
I'm not sure if I'd use ADAMSync in your case, though. I think you mght be
better off building up an LDIF script based on a dump of fixed AD data so
that you can quickly bring up an ADAM instance into a know state and then
just leave it alone. The LDIF script gives you a text-based file you can
stick in source control so that when you bring on new devs, you can easily
give them the same test bed ADAM instance. I'm thinking of more of a
database continuous integration-type of approach, except using ADAM/LDAP as
the data store instead of SQL. :)
You can definitely supply credentials to LDIF in order to pull the data down
from AD using the appropriate command line parameters.
If you tell us a little more about what you are doing, we might be able to
provide some other tips as well. If you are doing .NET stuff (far-fetched
in your organization, but you never know :)), you might get some mileage out
of my book too.
HTH,
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Lars W. Andersen" <larswandersen@xxxxxxxxxxxxxxxx> wrote in message
news:e3yaHSxvGHA.2232@xxxxxxxxxxxxxxxxxxxxxxx
"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:%23W86pAxvGHA.416@xxxxxxxxxxxxxxxxxxxxxxx
Not that I think you're going down the right path, but what you're asking
(in my words) is if you should be able to sync the AD to ADAM with
adamsync, correct?
Hi Al,
I hear you ... and even though I am working for what is the largest IT
service provider in the world (take a guess) having a development machine
that is part of an AD ( a competitors product) is not an option. Far-out
when we actually need it as we have customers requiring MS solutiong, but
sadlye true. Believe me ... us being a MS shop in an anti-MS organisation
have tried almost everything. Next time i reinstall my laptop I have sworn
that I'm gonna install a W2K3 server and create my own ad ... if nothing
else .. out of spite =8-)
Virtualization is an option- but I was looing for something simple and
quicker for now.
. You must have Read or Dirsync access to the objects or partitionsThe user I have on the AD is enterprise admin. That ought to do the trick
in the Active Directory forest that you want to synchronize.
:)
. You must have full control of an application directory partitionI own that as well.
on an ADAM instance to run this command.
You should have that via your AD account rights, however you'll run into
an issue by not being part of the domain with these workstations because
the account you want to use for AD won't be known for the local instance.
Is that just simply not possible? Or is it possible to "breach" the DC
security to let me do this?
Another possible way around that would be to install adam on another of
the servers on the domain ... sync the ad to that adam and then copy the
adam to my local workgroup machine and restore it there?
.
- Follow-Ups:
- Re: ADAM woes
- From: Lars W. Andersen
- Re: ADAM woes
- From: Al Mulnick
- Re: ADAM woes
- References:
- ADAM woes
- From: Lars W. Andersen
- Re: ADAM woes
- From: Al Mulnick
- Re: ADAM woes
- From: Lars W. Andersen
- ADAM woes
- Prev by Date: Re: ADAM woes
- Next by Date: Re: ADAM woes
- Previous by thread: Re: ADAM woes
- Next by thread: Re: ADAM woes
- Index(es):
Relevant Pages
|
