Re: Configuring ADAM replication resets passwords

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: "Dmitri Gavrilov [MSFT]" <dmitrig@xxxxxxxxxxxxxxxxxxxx>
Date: Fri, 3 Aug 2007 01:52:24 -0700

Are you sure the passwords were lost? How did you check?
Note that passwords cannot be read back from the directory, this is a
security feature. If you attempt to read one, you'll always get a NULL (no
value) back.
The only way to check if the password is there is to bind as this user with
the password.

--
Dmitri Gavrilov
SDE, Active Directory team

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

<ewan_mcteagle@xxxxxxxxxxx> wrote in message
news:1186100402.059093.262940@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I've run across the following annoying problem with an ADAM
deployment:

A single W2003 sp1 server in a workgroup has ADAM installed and a
large number of user accounts created within an ADAM instance.
Subsequently I built a second server (same workgroup, changed msDS-
ReplAuthenticationMode to allow replication to take place), installed
ADAM and succesfully configured replication for the ADAM instance.
The accounts appeared on the second server, but the passwords for all
of the user accounts were lost (on both servers), so I had to retype
each of these manually. I'd now like to add a third server and
configure replication, but I suspect that this will wipe all the
passwords again...

Is this working as designed or is something broken? I've replicated
this problem in multiple environments. Backing up the ADAM instance
before configuring replication does not help, since restoring a backup
similarly seems to wipe all the passwords.

Any ideas on what is happening?

Thanks,

Ewan

Follow-Ups:
- Re: Configuring ADAM replication resets passwords
  - From: ewan_mcteagle

References:
- Configuring ADAM replication resets passwords
  - From: ewan_mcteagle

Prev by Date: Re: How to configure Active Directory to allow anonymous queries
Next by Date: RE: New DC not visible in Default-First-Site
Previous by thread: Configuring ADAM replication resets passwords
Next by thread: Re: Configuring ADAM replication resets passwords
Index(es):
- Date
- Thread

Relevant Pages

Re: Configuring ADAM replication resets passwords
... resetting of user passwords is not expected behavior on configuring ... after you configure replication which ADAM instance is your ... being valid did you restore the ADAM instance to the same server? ...
(microsoft.public.windows.server.active_directory)
RE: VmWare and Pen-test Learning
... Setup a tftp server on your client machine. ... Use John the Ripper to crack the passwords. ... (dictionary attacks, brute force, single mode). ... Download FREE whitepaper on how a managed service can help ...
(Pen-Test)
Re: Strange SSID in the air...
... the cable modem assigning Gateway+DNS to the Linksys router etc.)? ... to verify that DNS lookups actually point to the real web site. ... from overloading one server, while another remains under-utilized. ... dumb applications that are not very smart about encrypting passwords. ...
(alt.internet.wireless)
Re: unified authentication
... > I have a number of FreeBSD machines. ... Each *class* of server or device gets a different root password (or ... root/enable passwords, and have a bit less worry about ex-employees. ... only sysadmins have logins on routers.) ...
(FreeBSD-Security)
Re: Configuring ADAM replication resets passwords
... applied on the other systems which causes the passwords to be effectively ... This is one reason why I think it is important to have the ADAM machines ... after you configure replication which ADAM instance is your ...
(microsoft.public.windows.server.active_directory)