Re: User Passwords and ADAm

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Lee,

Maybe I was not entirely clear. What I would like to do is th efollowing:

1. I have about 1500 users that will be in the ADAM instance tht have a
corresponding account in our Enterprise AD. For this sampling of users I
would like to just send there NT credentials to ADAM which will be installed
in our domain.

2. I will have s sampling of other users that will not have a corresponding
account in our Enterprise AD and will want to store there password in ADAM.

My question is the following:

1. Can I just send the NT credentials to ADAM and it will pass of the
authentication attempt to the DC's?

2. Can I just do a simple bind to adam as well and store the password in
ADAM in this fashion?

I would prefer to not use the BindProxyObject type in ADAM to accomplish
this. In my preliminary tests sending the NT credentials straight to ADAM
seems to work fine. Let me know about the simple bind as well.
Please advise...

Thanks,

Jeff Skalicky
"Lee Flight" wrote:

Hi

where do the passwords for the subset come from?

Options are:

[1] use bindProxy where appropriate and native ADAM users for the subset?

[2] use native ADAM users for all and sync the passwords from AD.
NOTE that sync'ing the password from AD will require
change/reset of AD user password
and a sync tool (or portal) that can intercept the password change

In the above native ADAM user means a security principal with
msDS-bindableObject
as an auxilliary class.

Lee Flight

"jskalicky" <jskalicky@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EC77E2EE-C243-422E-A600-98A81946B7E9@xxxxxxxxxxxxxxxx
I currently have an ADAm instance installed in our domain. I want to have
the
ability to bind to the directory using windows credentials but at the same
time also have a subset of users that I will need to store there passwords
in
ADAM. Is this possible without using the bindproxy object type? Please
advise...

Thanks,

Jeff Skalicky



.

Relevant Pages

  • Unattended ADAM Replica setup
    ... I'm trying to create an ADAM replica instance with an unattended ... But the problem is there is only one set of credentials ... listed in the ADAM online install docs. ... The following line specifies to install a unique ADAM instance. ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM Client W2k3 WebEdition
    ... Joe K. ... > now passes the credentials of an ADAM administrator account for every ... > operation the the ADAM server. ... >> will use the security context of the current thread to try to access ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM Information
    ... Application operates using different credentials than the end user. ... The user does NOT have access to these folders outside the application (i.e. in Windows Explorer) with their user-based credentials. ... We have read about ADAM, but it is alot of techno speak, and unclear what it does. ... You CANNOT assign access permissons based on a ADAM "entity" - Windows ...
    (microsoft.public.windows.file_system)
  • Re: ADAM Foreign Principal Group Membership.
    ... If ADAM is on the same box, then delegation is not needed. ... delegation to overcome the "double-hop" issue where your credentials cannot ... So, you should just be able to impersonate, bind to ADAM and get your ...
    (microsoft.public.windows.server.active_directory)
  • Re: ADAM Foreign Principal Group Membership.
    ... I agree as I don't have the users in ADAM only group membership. ... reading tokenGroups from root DSE - If I don't have the user's ... I don't bind using the user credentials I bind using the executable's ...
    (microsoft.public.windows.server.active_directory)