Re: ADAM and the Reader Role
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 22 Mar 2007 15:23:26 -0500
Oh, I see what you are saying. No, you can put as many users into an OU as
you have server resources to handle. I doubt you'll be able to hit the max
size for ADAM. You would need a very very very large amount of disk space
to do that. :)
My guess is that your ADAM users don't actually have read permissions on
anything in ADAM, but they may not need that for your application to work.
You don't need read permissions to be able to authenticate.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"jskalicky" <jskalicky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AAE1D081-6F5D-4AFB-9A2A-C086C8F3732C@xxxxxxxxxxxxxxxx
Joe,
Thanks for the reply. I may have misunderstood the problem I have read on
the internet. My situation is the following: I have one OU and am adding
users into it. I am not assigning users the reader role at all. Is there a
limitation as to how many users can be added to an OU with default
permissions?
Thanks,
Jeff
"Joe Kaplan" wrote:
Well, the issue is that if you want to assign each user directly to the
readers role and you have a lot of users, that group may become too large
to manage practically. MS did some changes to the DS core in Win2K3 and
ADAM such that there is no longer a 5000 member max limit on the size of a
particular group, but it could still get to be too big to deal with unless
you start nesting groups.
In your situation, if you want all of your users to be readers, I'd just
add the built in "authenticated users" group to the readers role and be
done with it. Any user that can bind to ADAM will have that SID in their
token and would be in the readers role as a result. This will scale to
millions of users and make your provisioning less complex. Of course, that
setting may be too coarse for your security requirements.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"jskalicky" <jskalicky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F17DF85E-9A29-46B9-B6FD-4ABF9C603F2F@xxxxxxxxxxxxxxxx
I have seen some articles on the internet that suggest that if you use a
default install of ADAM without changing the permissions that once you get
to a large value of users that you have to directly assign the reader
permission to an OU in order to add a user.
I have tested out of the box permission and have successfully added
20,000+ users to a single OU. Are there any limitations that anyone knows
of that would support the argument discussed on the internet?
Thanks,
Jeff Skalicky