Does MIIS stand for Microsoft Internet Information Services?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al
Sent: Thursday, November 04, 2004 10:52 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD & OpenLDAP

AD is quick, painless and mostly maintenance free. That's easy. Think of it as an app that comes with its own directory just like so many others :)

Sounds like you want the account lifecycles to be authoritative in another system and just have them flow down to AD. If that's the case, then MIIS might be your ticket. It could also be that you want to have a look at the current metadirectory systems you have (for lack of a better name even if they're homegrown) to see if they can do what you want.

For more reading on the product and how to plan, deploy, and run it have a look at the website: http://www.microsoft.com/ad

Note that AD relies heavily on DNS which is the usual biggest fight for deployment. Best bet is to delegate a sub zone for AD usage and get the workstations to use an AD DNS and forwarders to other DNS systems if your environment is similar to ones I've seen before. That allows your AD infrastructure to be self-contained and mostly integrated with the other systems in the landscape.

Over time somebody is bound to realize that the AD is the more important of the systems as it contains and controls the desktops which are the only access points or "gates" to the back room infrastructure. Helps to have it in place and working first though :)

Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Romeyn Prescott
Sent: Thursday, November 04, 2004 10:08 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD & OpenLDAP

I want the users of the PCs I manage to authenticate against AD so I can use Group Policies to manage (or micromanage) their permissions on the computer based either on A) who they are and/or B) which computer it is.

Not having had a Windows server newer than NT4 to play/experiment with before now, I'm only going based on what I've read and seen others talk about on other lists.

We run SCT Banner on a VAX. That is where all student data gets initially entered.
Changes to that data are frequently sent to another of our systems, and that userbase is mirrored to various of our other systems and services.

I sense I'm going to have a battle on my hands getting AD even turned ON in this environment. So if it can be "quick, painless, and maintenance-free" that'd be a huge selling point for me. :-)

...ROMeyn

At 9:22 AM -0500 11/4/04, Mulnick, Al scribbled:
>Out of curiosity, why would you want Active Directory to not be "the"
>source of user accounts and then want to sync with openldap? Can you
>describe the goals a little more and why you're wanting to put Active
>Directory into your environment in the first place? What planning have you already done?
>
>Al
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
>Sent: Thursday, November 04, 2004 9:17 AM
>To: [EMAIL PROTECTED]
>Subject: Re: [ActiveDir] AD & OpenLDAP
>
>On Thu, 4 Nov 2004 09:11:57 -0500, Romeyn Prescott wrote
>
>> 1) Does Active Directory come with Server 2003, or is it some sort
>> of "add-on" which must be purchased separately. (Microsoft's web
>> site seems, in at least one location, to indicate that it comes with
>> it, but I just want to be sure.)
>
>It is a built-in feature of Windows Server - You are establishing a server
>as a domain controller by running dcpromo.exe on the server
>
>> 2) We have a relatively new OpenLDAP server (also running on Linux)
>> which also mirrors our account base. Given that we do NOT want the
>> Windows 2003 server to be "the" source for our user accounts, is it
>> possible to tell it to synchronize with an OpenLDAP server? Is such
>> a task "trivial," "complicated," or "impossible?"
>
>Depending on the approach:
>- You can write some scripts which will "monitor" OpenLDAP and will
>create users in AD
>- You can use products like for example MIIS 2003 to synchronize
>OpenLDAP and AD database.
>
>There can be more choices in this topic.
>
>--
>Tomasz Onyszko - [EMAIL PROTECTED]
>http://www.w2k.pl
>
>List info : http://www.activedir.org/mail_list.htm
>List FAQ : http://www.activedir.org/list_faq.htm
>List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

--
signat-url: http://www2.potsdam.edu/prescor/signat-url.htm