Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Tomasz Onyszko

Smith, Brad wrote:
(...)

> What other issues/considerations have list readers come across when
> incorporating large amounts of external users?

If You are building this solution from scratch or You can do some 
development on Your web app I will strongly encourage You to take a look 
at ADFS services which will be shipped with Windows 2003 R2 this year.


Some food for reading:
http://download.microsoft.com/download/d/8/2/d827e89e-760a-40e5-a69a-4e75723998c5/ADFS_Overview.doc
http://www.microsoft.com/downloads/details.aspx?FamilyID=062f7382-a82f-4428-9bbd-a103b9f27654&DisplayLang=en

--
Tomasz Onyszko
http://www.w2k.pl
List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


RE: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Smith, Brad
Thanks, I will certainly look into that. I neglected to mention that I need
to have a solution ready for pilot within Dec/Jan time frame.



Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Tomasz Onyszko

Smith, Brad wrote:

> Thanks, I will certainly look into that. I neglected to mention that I need
> to have a solution ready for pilot within Dec/Jan time frame.

You can test Your solution with Windows 2003 R2 RC now - it is working 
with Windows SharePoint Services from R2 server and with .NET 
applications if You make them claim-aware. I don't remember the time frame 
for R2 but it should be available at the end of this year so I think 
that if You find ADFS suitable for Your needs and You can start working 
with RC version You will be ready on this date.




--
Tomasz Onyszko
http://www.w2k.pl


RE: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Smith, Brad
Our domain level is at W2K Native, and isn't to be upgraded until the DCs
are migrated to W2K3 around March next year. 



Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]

Windows 2003 r2 Enterprise  [not standard]  [and not a free upgrade]



Tomasz Onyszko wrote:

> Smith, Brad wrote:
> (...)
>
>> What other issues/considerations have list readers come across when
>> incorporating large amounts of external users?
>
> If You are building this solution from scratch or You can do some 
> development on Your web app I will strongly encourage You to take a look 
> at ADFS services which will be shipped with Windows 2003 R2 this year.
>
> Some food for reading:
> http://download.microsoft.com/download/d/8/2/d827e89e-760a-40e5-a69a-4e75723998c5/ADFS_Overview.doc
> http://www.microsoft.com/downloads/details.aspx?FamilyID=062f7382-a82f-4428-9bbd-a103b9f27654&DisplayLang=en





Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Tomasz Onyszko

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

> Windows 2003 r2 Enterprise  [not standard]  [and not a free upgrade]

Yes, that is a pain. The good thing is that if you want to use ADFS You 
don't have to upgrade all of your servers in the organization. It can be 
deployed in Windows 2000 networks as well - of course it will require 
ADFS Server on Windows 2003 R2 and Windows 2003 R2 for IIS boxes.

ADFS Web SSO Agent will be shipped (AFAIK) in Standard version as well 
so deploying ADFS will require at least (in simple scenario):

- Windows 2003 R2 Ent for ADFS Server
- Windows 2003 R2 Std for each IIS box hosting .NET claim aware application



--
Tomasz Onyszko
http://www.w2k.pl


Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
That I'm not sure of. I do know the R2 grid indicates ADFS only in 
Enterprise.


Tomasz Onyszko wrote:

> Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
>
>> Windows 2003 r2 Enterprise  [not standard]  [and not a free upgrade]
>
> Yes, that is a pain. The good thing is that if you want to use ADFS 
> You don't have to upgrade all of your servers in the organization. It can 
> be deployed in Windows 2000 networks as well - of course it will 
> require ADFS Server on Windows 2003 R2 and Windows 2003 R2 for IIS boxes.
>
> ADFS Web SSO Agent will be shipped (AFAIK) in Standard version as well 
> so deploying ADFS will require at least (in simple scenario):
>
> - Windows 2003 R2 Ent for ADFS Server
> - Windows 2003 R2 Std for each IIS box hosting .NET claim aware 
>   application






--
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com




Re: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Tomasz Onyszko

Tomasz Onyszko wrote:

Just as an update, ADFS requirements from the TechNet web page:
http://technet2.microsoft.com/WindowsServer/en/Library/1c2f6235-833a-421e-8529-3e9cd97da6771033.mspx



--
Tomasz Onyszko
http://www.w2k.pl


RE: [ActiveDir] Incorporating external users.......

2005-11-08 Thread Ulf B. Simon-Weidner
> [mailto:[EMAIL PROTECTED] On Behalf Of Susan 
> Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> 
> Windows 2003 r2 Enterprise  [not standard]  [and not a free upgrade]
> 

Excepting for customers with Software Assurance, and you only need the
enterprise version on the Federation Servers and Federation Server Proxies.

Ulf





RE: [ActiveDir] Incorporating external users.......

2005-11-10 Thread Smith, Brad
Just as an update.
We have decided on an additional and new separate Forest/Domain
infrastructure to host external user accounts...



RE: [ActiveDir] Incorporating external users.......

2005-11-14 Thread al_maurer
Brad,

We are implementing the same forest/domain structure as you are (ie, separate 
for external user access) and for the same purpose.  We do not have a trust to 
the internal "core" domain/forest; internal users who need access to the 
extranet domain must have separate accounts.

The other tweak I've done is to have the external user accounts in a separate 
OU with the business unit doing some of the account provisioning.  A major 
issue, I think, is to ensure lifecycle management of these external user 
accounts, just as you would internal--otherwise a lot of junk could accumulate 
rather quickly.

AL

Al Maurer 
Service Manager, Naming and Authentication Services 
IT | Information Technology 
Agilent Technologies 
(719) 590-2639; Telnet 590-2639 
http://activedirectory.it.agilent.com 
-- 
"Cry 'Havoc!' and let slip the dogs of war"  - Anthony, in Julius Caesar III i. 
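
An added example, not part of the message above or of any code posted to the list: one way to run the lifecycle review it describes over the OU that holds external accounts, using the ActiveDirectory PowerShell module. The OU distinguished name, the 90-day threshold and the use of the `manager` attribute to record the business-unit sponsor are assumptions.

```powershell
# Added example: lifecycle review of external accounts kept in one OU.
# Assumptions (not from the thread): the OU path, the 90-day threshold,
# and that the sponsoring business-unit contact is stored in 'manager'.
Import-Module ActiveDirectory

$ExternalOU     = 'OU=External Users,DC=extranet,DC=example,DC=com'  # hypothetical
$StaleAfterDays = 90
$now            = Get-Date
$cutoff         = $now.AddDays(-$StaleAfterDays)

$query = @{
    SearchBase  = $ExternalOU
    SearchScope = 'Subtree'
    Filter      = '*'
    Properties  = 'LastLogonDate', 'AccountExpirationDate', 'Manager', 'whenCreated'
}

$report = Get-ADUser @query | ForEach-Object {
    $findings = @()

    # LastLogonDate is converted from lastLogonTimestamp. That attribute is
    # replicated but can lag real logons by up to about two weeks, and it is
    # only maintained at Windows Server 2003 domain functional level or later,
    # so keep the threshold well above the lag.
    if (-not $_.LastLogonDate) {
        if ($_.whenCreated -lt $cutoff) { $findings += 'never logged on' }
    } elseif ($_.LastLogonDate -lt $cutoff) {
        $findings += 'no logon since ' + $_.LastLogonDate.ToString('yyyy-MM-dd')
    }

    # External accounts should carry an end date tied to the engagement.
    if (-not $_.AccountExpirationDate) {
        $findings += 'no expiry date set'
    } elseif ($_.AccountExpirationDate -lt $now -and $_.Enabled) {
        $findings += 'expired but still enabled'
    }

    # Without a named sponsor nobody can confirm the account is still needed.
    if (-not $_.Manager) { $findings += 'no sponsor recorded' }

    if ($findings.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            Enabled        = $_.Enabled
            Findings       = $findings -join '; '
        }
    }
}

$report | Sort-Object SamAccountName | Format-Table -AutoSize -Wrap
```

The script only reads and reports; disabling or removing the listed accounts is left as a separate, reviewed step.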

