Re: [ActiveDir] ADAM with Domain

2006-09-29 Thread Joe Kaplan

ADAM integrates with the domain in a few ways.

When an ADAM server is a domain member, then ADAM can be used to 
authenticate domain users via LDAP authentication (using secure bind or 
simple bind with bind proxies).


ADAM will also get its password policy from the machine password policy 
applied by the DC if it is a domain member.


The other important consideration with ADAM as a domain member (in my view) 
is that if you will have replicating ADAM instances, it is a bit ugly to get 
the RPC security working for replication if you aren't using domain member 
servers.  You end up having to do a hackish thing of having shadowed 
accounts with the same name and password on each machine to get it to work, 
and that is a management hassle.


The actual ADAM LDAP directory doesn't have anything to do with the AD LDAP 
directory.  The only way to get AD objects into ADAM (or vice versa) is with 
some sort of a sync process.  They do not replicate or share any directory 
data.


You can definitely use the full range of X500 naming styles with ADAM 
instead of just the DNS-based root naming convention that AD requires 
("DC=domain,DC=com" and such), so you can likely accomplish your goal.


HTH,

Joe K.

- Original Message - 
From: "Matt Brown" <[EMAIL PROTECTED]>

To: 
Sent: Friday, September 29, 2006 11:25 AM
Subject: [ActiveDir] ADAM with Domain



How does ADAM integrate with a domain? Will they be completely separate
directories or can they somehow be joined together?

I'm wanting to use an X.500 name for the ADAM instance.

Thanks in advance for the help provided,
--
Matt Brown
IT System Specialist
Eastern Washington University


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx 




RE: [ActiveDir] ADAM with Domain

2006-09-29 Thread Dmitri Gavrilov
Something else that you can do to "connect" the two is to set up
(perhaps mutual) external crossrefs. Then, they would appear as a
contiguous LDAP space, and will issue referrals to each other as needed.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe Kaplan
Sent: Friday, September 29, 2006 10:29 AM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] ADAM with Domain

ADAM integrates with the domain in a few ways.

When an ADAM server is a domain member, then ADAM can be used to 
authenticate domain users via LDAP authentication (using secure bind or 
simple bind with bind proxies).

ADAM will also get its password policy from the machine password policy 
applied by the DC if it is a domain member.

The other important consideration with ADAM as a domain member (in my view)
is that if you will have replicating ADAM instances, it is a bit ugly to get
the RPC security working for replication if you aren't using domain member
servers.  You end up having to do a hackish thing of having shadowed
accounts with the same name and password on each machine to get it to work,
and that is a management hassle.

The actual ADAM LDAP directory doesn't have anything to do with the AD LDAP
directory.  The only way to get AD objects into ADAM (or vice versa) is with
some sort of a sync process.  They do not replicate or share any directory
data.

You can definitely use the full range of X500 naming styles with ADAM 
instead of just the DNS-based root naming convention that AD requires 
("DC=domain,DC=com" and such), so you can likely accomplish your goal.

HTH,

Joe K.

- Original Message - 
From: "Matt Brown" <[EMAIL PROTECTED]>
To: 
Sent: Friday, September 29, 2006 11:25 AM
Subject: [ActiveDir] ADAM with Domain


> How does ADAM integrate with a domain? Will they be completely separate
> directories or can they somehow be joined together?
>
> I'm wanting to use an X.500 name for the ADAM instance.
>
> Thanks in advance for the help provided,
> --
> Matt Brown
> IT System Specialist
> Eastern Washington University