You can only promote a replica using Windows creds.
There's no point in trying to lock ADAM out of Windows users. See my
other post.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of F. Javier Jarava
Sent: Tuesday, October 24, 2006 11:30 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] AD/AM replica instances and ADAM user-based admin..

Hi all!

On my attempt to get familiar with ADAM, I am running into something that
(might) become a bit of a showstopper for what I'm trying to do:

I have an ADAM SP1 instance with one app. partition. I have created a user
in the config. partition (CN=adamadmin,CN=Roles,CN=Configuration,CN={GUID}),
with a password and userPrincipalName=adamadmin (yes, not stretching my mind
here ;). The user is a member of the Administrators group of the config.
partition. To implement "role splitting" between AD users and ADAM users,
the Windows account that was part of the Administrators group has been
removed (I haven't deleted the "link" in
CN=ForeignSecurityPrincipals,CN=Configuration, only removed the account from
the Administrators group).

In this way, I can log-on using ldp and other apps, and things seem to work
fine.

The problem arises when I try to set up a new ADAM replica instance. The
"new instance" wizard in one of the steps asks for the credentials of a user
that is administrator of the "original" instance. I've tried providing the
"adamadmin" credentials, but it complains that I have to qualify the user
account with a computer account name. I have created a second "adam
administrator" (CN=adadmsyncuser,CN=Roles...) user whose userPrincipalName
is of the form [EMAIL PROTECTED], but to no avail..

So my question is: Is it *necessary* for a Windows user account to be an
Administrator in ADAM to be able to replicate the instances?

Thanks a lot.

        Best regards,

                Javier Jarava
                [EMAIL PROTECTED]

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
