Re: ADAM - Schema Admins?

---

• From: Thorsten Schmitt <schmitt_thorsten@xxxxxxxxxxx>
• Date: Thu, 14 Jun 2007 07:13:17 +0200

---

Hi,

thanks for this information. It is a reuqest of a customer who hosts the ADAM at a hoster.
I will give it a try and test it and myybe will get back.

Thanks and Kind Regards,
Thorsten



Lee Flight wrote:

Hi

members of the Administrators role in the ADAM configuration naming context
are Schema Admins. However the application naming context Admins are not
Schema Admins so the question is do you need to distinguish config NC
admins from Schema Admins? Bear in mind that if you do create a Schema
Admins role who will control it's membership, it would probably make sense
only if membership was controlled by another group (not config NC admins)
or the Schema Admins themselves. Also you will need to revoke default
permissions on schema for configNC admins, should be OK but I have
never run in that configuration in production.

If you think it still worth investigating then install a test ADAM instance,
run ldp and bind to the instance, right-click schema NC -> Advanced
-> Security descriptor and look at the ACE that is set for cn=Administrators.
You want to duplicate that ACE for a domain group or ADAM role
that you intend to use as ADAM Schema Admins. It's basically an access
mask of everything except delete, set to inherit down the schema tree.
Post back if you need more help.

Lee Flight


"Thorsten Schmitt" <schmitt_thorsten@xxxxxxxxxxx> wrote in message news:eYqX$WUqHHA.1296@xxxxxxxxxxxxxxxxxxxxxxx

Hi,

ist there a way to differ between "normal" ADAM Aministrators and Administrators with Permissions to change the Schema? It would be helpful to have permissions like the Active Directory Group "Schema Administrators" and to be able to have different Administrators for normal tasks and Schema Tasks.
Anay ideas? Maybe.. .settings ACL.. but which and where and how...?

Thanks and best Regards,
Thorsten

.

---

• References:
  • ADAM - Schema Admins?
    • From: Thorsten Schmitt
  • Re: ADAM - Schema Admins?
    • From: Lee Flight

• Prev by Date: Re: Fixing Replication Failures
• Next by Date: RE: About HRESULT Code in Windows
• Previous by thread: Re: ADAM - Schema Admins?
• Next by thread: Site naming issue?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Synchronize only attributes you want ADAMSync ... schema to be only the user and Organizational-Unit classes (plus ... attributes still sync their values into my ADAM schema, ... Updating the configuration file DirSync cookie with a new value. ... (microsoft.public.windows.server.active_directory) Re: Synchronize only attributes you want ADAMSync ... schema to be only the user and Organizational-Unit classes (plus ... attributes still sync their values into my ADAM schema, ... Updating the configuration file DirSync cookie with a new value. ... (microsoft.public.windows.server.active_directory) Re: ADAMSync not synching ... here is the configuration xml file I loaded... ... is just a base W2k3 AD schema that is less relevant that the source AD ... a fresh ADAM install as below it could be that something in your XML config ... (microsoft.public.windows.server.active_directory) Re: ADAM - Schema Admins? ... Schema Admins so the question is do you need to distinguish config NC ... never run in that configuration in production. ... If you think it still worth investigating then install a test ADAM instance, ... (microsoft.public.windows.server.active_directory) Re: Creating a Computer Object in ADAM ... Using the ADAM Schema MMC Snap-In, I determined that the Schema Master ... Directory Server Diagnosis ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)