Re: Adam authentication logon workstation in the domain



Jonatan,

You can have ADAM do a one-way sync with Active Directory to act as an LDAP
authentication for those users. Unfortunately, ADAM does not have the full
set of services required for the logon process. If you are looking to use
it as a local resource for LDAP, then it would fit the bill but it will not
function as a read-only controller.

Given that Server 2008 is only in RC0 now and that it will be a while before
it is really entering the enterprise, I would suggest that you can accomplish
something similar with Domain controllers if you control physical access and
directory permissions very well.

Perhaps you could give us a rundown of the concerns you have and what you
are specifically trying to accomplish and we can point you in the right
direction to getting this done with what's available today?

Hope this helps!
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.


"Jonatan Sancho" wrote:

Thanks two, I think the DC in read mode could be the solution. I will wait for
Windows 2008.

"Joe Kaplan" wrote:

No, ADAM does not store Windows security principals. You need some sort of
domain controller. Read only domain controller in Windows Server 2008 might
be a good scenario for you.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Jonatan Sancho" <JonatanSancho@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9A7745B3-13B9-4F25-B6EB-0559C9045E8B@xxxxxxxxxxxxxxxx
Would it be possible for ADAM to authenticate logons in the domains (like a
Global Catalog) for a branch office? I want to provide authentication service
even if the network is down, but I don't want to install AD in all the branch
offices; I want something like a BDC.

thank you and sorry for my English


