Re: Storing MAC addresses in AD
- From: boris52 <boris52.3vzqfb@xxxxxxxxxxxxx>
- Date: Mon, 27 Jul 2009 21:00:43 +0530
Richard Mueller [MVP] wrote:
"boris52" wrote:
...the
Right now I can see two possible approaches (both should ignore
disabled users):
1. write a custom script for our VMPS server to query AD directly
2. write a sync script to query all objects within AD and regenerate
the flat file on a periodic basis.
Without adding custom attributes, all I can see is to make use of
the notes field and parse multiple mac-addresses out of this section.
Is this the best approach?
cheers,
--
boris52
boris52's Profile: http://forums.techarena.in/members/118701.htm
View this thread: http://forums.techarena.in/active-directory/1221183.htm
http://forums.techarena.in
Do you currently, or do you plan to, do something with the MAC addresses
other than keep track of them in a list? Would the userWorkstations
attribute help? userWorkstations, a single-valued attribute, is a comma
delimited list of the NetBIOS names of the workstations the user is
allowed to logon to. AD actually enforces this. If there are any names
in the list, the user can only logon to those workstations. I don't see
how you could enforce your list of MAC addresses, other than to detect
new addresses, perhaps in a logon script.
If you keep track of MAC addresses in AD, you can save them in a comma
delimited list. The "info" attribute corresponds to the "Notes" field on
the "Telephones" tab of ADUC. Would it make more sense to save the MAC
address in an attribute of the computer object?
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
I have a set of users who are using arbitrary desktops/laptops that I
don't control running a mixture of MacOS, Linux and Windows. My interest
in this kit is to ensure that only specific hardware can use the network
ports to access the servers, while by default anyone else cannot. Given
the complexity I don't ever expect to add these into the AD.
I think I want to use the 'userWorkstations' for this either, since I
may want to use this functionality to restrict access to servers on a
per user basis.
Since I need to support multiple mac-addresses it does sound like I
will need to use the notes field. I had thought of extending the schema
to add this parameter in somehow, but even if I did that, the new
attribute(s) would not be controllable from the 'user properties'
panel.
Have I missed something?
cheers
--
boris52
------------------------------------------------------------------------
boris52's Profile: http://forums.techarena.in/members/118701.htm
View this thread: http://forums.techarena.in/active-directory/1221183.htm
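The sync-script approach discussed in this thread, sketched as an added example (not code from either poster): it parses MAC addresses strictly out of the free-text "info" (Notes) value, skips disabled accounts, and reports a MAC claimed by two users. The record shape, the sample data and the "MAC owner" output layout are assumptions; the real VMPS file format is not shown here.

```python
import re

ACCOUNTDISABLE = 0x0002  # userAccountControl flag set on disabled accounts
# Six hex octets joined by one consistent ':' or '-', or Cisco-style dotted form.
# The look-arounds reject fragments of longer hex strings (e.g. 7 octets).
MAC_RE = re.compile(
    r"(?<![0-9A-Fa-f:.-])"
    r"((?:[0-9A-Fa-f]{2}([:-]))(?:[0-9A-Fa-f]{2}\2){4}[0-9A-Fa-f]{2}"
    r"|[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})"
    r"(?![:.-]?[0-9A-Fa-f])"
)

def parse_macs(notes):
    """Return normalised, de-duplicated unicast MACs found in free-text notes."""
    found = []
    for m in MAC_RE.finditer(notes or ""):
        digits = re.sub(r"[^0-9a-f]", "", m.group(1).lower())
        if int(digits[:2], 16) & 1 or digits == "0" * 12:
            continue  # group/broadcast or null address: not a station MAC
        mac = ":".join(digits[i:i + 2] for i in range(0, 12, 2))
        if mac not in found:
            found.append(mac)
    return found

def build_allowlist(users):
    """Map MAC -> owner for enabled users; list MACs claimed by two users."""
    allow, conflicts = {}, []
    for u in users:
        if int(u.get("userAccountControl", 0)) & ACCOUNTDISABLE:
            continue  # disabled users contribute nothing to the list
        for mac in parse_macs(u.get("info")):
            owner = allow.setdefault(mac, u["sAMAccountName"])
            if owner != u["sAMAccountName"]:
                conflicts.append((mac, owner, u["sAMAccountName"]))
    return allow, conflicts

# Constructed sample records, shaped like LDAP search results (not real data).
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "userAccountControl": 512,
     "info": "Laptop 00:1A:2B:3C:4D:5E, desk 001a.2b3c.4d5f\r\ncall ext 4432"},
    {"sAMAccountName": "bob", "userAccountControl": 514,  # 512 | 2 = disabled
     "info": "00-11-22-33-44-55"},
    {"sAMAccountName": "carol", "userAccountControl": 512,
     "info": "00-1a-2b-3c-4d-5e, ff:ff:ff:ff:ff:ff, 00:11:22:33:44"},
]

if __name__ == "__main__":
    allow, conflicts = build_allowlist(SAMPLE_USERS)
    print("\n".join(f"{m} {allow[m]}" for m in sorted(allow)))  # assumed layout
    print("conflicts:", conflicts)
```

In a real deployment the records would come from an LDAP search of user objects requesting sAMAccountName, userAccountControl and info.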