Re: Sync AD with System.DirectoryServices



You can't really do this. There is no way to access the user's password
programmatically like that. There are some third party products out there
that can capture them as they are changed and store them in other data
stores (I think psynch does this, along with its normal function of self
service password reset), but that is really the only option here.

Note also that it is pretty hard to do as good of a job at securing the
passwords in a different store as AD or ADAM does. You have to put some
serious effort into this in order to not compromise your security.

However, I think you might be better off considering creating a disaster
recovery plan around AD. Perhaps you could replicate AD to another location
off site and switch over that AD instance in the event of a disaster? The
great advantage here is that you are still using AD, so you don't
necessarily have to change all of your applications (and all of the other
things that might depend on AD, which can be a LOT, depending on how you use
it).

You might consider starting a different thread here regarding some
approaches for disaster recovery, as a lot of the other experts in this
group are very familiar with that type of thing.

Best of luck,

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<jason.michael.perry@xxxxxxxxx> wrote in message
news:1156010016.631201.84980@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have a client running AD internally for user authentication. They
want to create a single sign on system that syncs/duplicates AD into
SQL server on an external server.

The idea here is to still allow access to the Intranet (hosted
externally) in the case of a natural disaster (hurricane).

I can easily get all the user data I need from this using
System.DataServices. However, this approach does not give me access to
the user's password. I need a way to authenticate a user if AD
dies...any ideas?


