Ramon Linan wrote:
> You guys are amazing, in terms of AD knowledge, way out of my league.
> Anyway, I was the one asking about this application, and I have more
> questions.
>
> First I must say that I am waiting to hear from the vendor about
> whether the app modifies the schema or not. I got 2 emails from them,
> one saying yes and the other saying no, it does not change it!!! :( I am
> panicking already.
>
> Here goes my question:
> We have 2 offices, and only 4 people in the HQ are going to be using this
> app, so if the app changes the schema of AD it would be better to use
> ADAM, is this right? Especially because I don't know how good the
> application is going to be about cleaning AD if we don't use it anymore.

If we are talking about "cleaning" as in "cleaning" the schema, this can't be done - you can't remove classes or attributes from the schema, you can only defunct them in Windows 2003.


> The first vendor tech who replied to me said that the application
> changes the schema, and he was saying that it has already changed the
> schema in the subdomain, where all the current users for this application
> are. Is that possible? If I have domain.com and child.domain.com, can I


You should really reconsider using their application, as obviously they don't have basic AD knowledge or they are missing some concepts. The schema is common to all domains in the forest, so if you alter the schema on the schema master, all domains in the forest will get these changes.
BTW, to alter the schema you have to have really high privileges, so:
1. Somebody let them do something with Schema Admin privileges, or
2. They don't know what they are talking about.


> change the schema of AD for a subdomain and not for the main domain?? I
> thought it was only one LDAP for the whole forest? This does not make
> sense considering the schema owner is the same for both the child and the main
> domain. Can I tell the vendor how wrong he is, or are there exceptions
> to that situation?

You should ask them:
1. If their application is extending the AD schema.
2. If the answer to 1 is yes: do they have their own OID numbers registered, and are they unique?
3. They should present you these changes as LDIFs, and you should test them in the lab.


> Is there a tool I can use that will compare the out-of-the-box schema
> for Windows 2003 + Exchange with the current schema? Or do I have to use
> ADSIEdit and try to figure out what is part of the app?

Schema Analyzer, which comes with ADAM SP1, can do this:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9688F8B9-1034-4EF6-A3E5-2A2A57B5C8E4&displaylang=en

> I am still waiting to receive an answer about the way these dudes
> authenticate: simple bind, secure bind, Kerberos, or whatever.



--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
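As an added example, not part of the thread above and not any vendor's or Microsoft's tooling: a scriptable alternative to Schema Analyzer for the "compare the out-of-the-box schema with the current one" question, which also covers the OID-registration check in Tomasz's question 2. It diffs two ldifde exports of the schema naming context (one from a clean Windows 2003 + Exchange lab forest, one from the forest in question), lists every attributeSchema/classSchema object that exists only in the second export, and flags any such object whose OID sits under Microsoft's arc 1.2.840.113556, which a third-party product has no business using. The ldifde command line, the "acme" names and the enterprise number 99999 in the sample LDIF are assumptions; the sample LDIF is constructed.

```python
"""Diff two ldifde schema exports to see what a product added to the AD schema.

Added example, not code from the thread or any vendor. Assumes each input is an
export of the schema naming context from a clean Windows 2003 + Exchange lab
forest and from the forest in question, e.g.
    ldifde -f baseline.ldf -d "CN=Schema,CN=Configuration,DC=lab,DC=example"
The LDIF below is constructed; "acme" and enterprise number 99999 are placeholders.
"""
import base64

# Windows and Exchange schema objects live under Microsoft's OID arc; a third-party
# product should be using its own registered arc instead.
MICROSOFT_OID_ARC = "1.2.840.113556."


def parse_ldif(text):
    """Return {dn: {attribute (lower-cased): [values]}}; handles folded and base64 lines."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:   # folded continuation line
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = {}, {}
    for line in unfolded + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in current:
                entries[current.pop("dn")[0]] = current
            current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def schema_objects(entries):
    """Index attributeSchema / classSchema entries by lower-cased lDAPDisplayName."""
    objects = {}
    for dn, attrs in entries.items():
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "attributeschema" in classes:
            kind, oid = "attribute", attrs.get("attributeid", [""])[0]
        elif "classschema" in classes:
            kind, oid = "class", attrs.get("governsid", [""])[0]
        else:
            continue
        name = attrs.get("ldapdisplayname", [dn])[0]
        objects[name.lower()] = {"name": name, "kind": kind, "oid": oid, "dn": dn}
    return objects


def compare_schema(baseline_ldif, current_ldif):
    """Return (added, missing, in_microsoft_arc).

    added: objects only in the current export. missing: objects only in the
    baseline; expect [] since AD never deletes schema objects, so anything here
    means the two forests differ in Windows/Exchange schema level, not the product.
    in_microsoft_arc: added objects with an OID under Microsoft's arc, which for a
    third-party product means unregistered OIDs that may clash with later updates.
    """
    base = schema_objects(parse_ldif(baseline_ldif))
    cur = schema_objects(parse_ldif(current_ldif))
    added = {n: o for n, o in cur.items() if n not in base}
    missing = sorted(n for n in base if n not in cur)
    in_ms_arc = sorted(n for n, o in added.items() if o["oid"].startswith(MICROSOFT_OID_ARC))
    return added, missing, in_ms_arc


# Constructed sample exports: one out-of-the-box attribute, then the product's additions.
SAMPLE_BASELINE = """\
dn: CN=Common-Name,CN=Schema,CN=Configuration,DC=lab,DC=example
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: cn
attributeID: 2.5.4.3
"""
SAMPLE_CURRENT = SAMPLE_BASELINE + """
dn: CN=acme-Widget-Id,CN=Schema,CN=Configuration,DC=lab,DC=example
objectClass: attributeSchema
lDAPDisplayName: acmeWidg
 etId
attributeID: 1.3.6.1.4.1.99999.2.1
adminDescription:: QWNtZSB3aWRnZXQ=

dn: CN=acme-Squatter,CN=Schema,CN=Configuration,DC=lab,DC=example
objectClass: classSchema
lDAPDisplayName: acmeSquatter
governsID: 1.2.840.113556.1.5.7000.99999
"""

if __name__ == "__main__":
    added, missing, in_ms_arc = compare_schema(SAMPLE_BASELINE, SAMPLE_CURRENT)
    for obj in added.values():
        flag = "  <-- OID under Microsoft's arc" if obj["name"].lower() in in_ms_arc else ""
        print(f"+ {obj['kind']:9} {obj['name']:16} {obj['oid']}{flag}")
```

To run it against real exports, read the two .ldf files into strings and pass them to compare_schema (if you exported with ldifde -u the file is UTF-16, so decode it as such). The "missing" list is the sanity check: since the schema can only be defuncted, never deleted, anything showing up there means the lab baseline and the production forest are not at the same Windows/Exchange schema level and the comparison needs a better baseline. Anything in "in_microsoft_arc" is exactly the unregistered-OID problem the vendor should be asked about before their LDIF goes anywhere near the schema master.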
