Re: ADAM woes


"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:uCSGJvxvGHA.1424@xxxxxxxxxxxxxxxxxxxxxxx
Not to be rude, but you guys don't seem to be very close to being
Microsoft specialists to be coming up with Microsoft solutions regardless
of how big you are.

Thats ok No offense taken.... Our small MS team are all developers ... not
infrastructure specialist ... that why I am posting in this group in the
first place.
We can't all know it all can we?


Unless you are messing with Exchange and using CDOEXM most apps should be
able to utilize AD from a workgroup machine if you actually have a strong
understanding of how authentication works. I do a vast majority of my work
from workgroup machines because it tends to be safer, plus I work on so
many different environments that are unconnected that joining any one
doesn't help much. The exception again is for Exchange, if you want to
work with Exchange with the official Exchange tool sets you have no choice
but to join that specific domain.


Exchange is not involved. In my case its purely querying the AD from a
workgroup. In the production setup the machines are all part of the AD. ONe
of my questions revolves around the fact that I havent been able to figure
out how authentication from a workgroup machine works. Is it treated the
same as a non-trustet site? Or does other rules apply?

Now certainly even if you knew how to work against your production AD,
that isn't something that you want to do with dev work is it? Does that
make any sense? Of course not. Now you look at pulling the production AD
into your test lab and that should be easy enough if you know what you are
doing. However, you need to bring the people responsible for AD into the
loop on it and they can probably help you with it.

The AD i'm talking about is one that I set up myself. It's not a production
AD. It's just one we need for development.

But this thread seems to go off-track. I would appreciate constructive
feedback if you have any?

best regards
Lars


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Lars W. Andersen wrote:
"Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx> wrote in message
news:%23W86pAxvGHA.416@xxxxxxxxxxxxxxxxxxxxxxx
Not that I think you're going down the right path, but what you're
asking (in my words) is if you should be able to sync the AD to ADAM
with adamsync, correct?


Hi Al,

I hear you ... and even though I am working for what is the largest IT
service provider in the world (take a guess) having a development machine
that is part of an AD ( a competitors product) is not an option. Far-out
when we actually need it as we have customers requiring MS solutiong, but
sadlye true. Believe me ... us being a MS shop in an anti-MS organisation
have tried almost everything. Next time i reinstall my laptop I have
sworn that I'm gonna install a W2K3 server and create my own ad ... if
nothing else .. out of spite =8-)

Virtualization is an option- but I was looing for something simple and
quicker for now.

. You must have Read or Dirsync access to the objects or partitions
in the Active Directory forest that you want to synchronize.

The user I have on the AD is enterprise admin. That ought to do the trick
:)

. You must have full control of an application directory partition
on an ADAM instance to run this command.

I own that as well.


You should have that via your AD account rights, however you'll run into
an issue by not being part of the domain with these workstations because
the account you want to use for AD won't be known for the local
instance.


Is that just simply not possible? Or is it possible to "breach" the DC
security to let me do this?

Another possible way around that would be to install adam on another of
the servers on the domain ... sync the ad to that adam and then copy the
adam to my local workgroup machine and restore it there?


.