MIIS looks pretty complex, but it is something that can be figured out (I've gotten it working so it can't be that hard ;) The thing I found with MIIS is that things aren't where you think they would be, and some switches/options do things that you're not expecting. There are some good Q articles about getting MIIS working, but I never looked for a book or anything.
My question is: what are you going to be using the central LDAP directory for? Phil On 7/29/05, Ken Cornetet <[EMAIL PROTECTED]> wrote: > We have an upcoming project which will require an LDAP directory containing > both our internal users, and our extranet users. Currently, our internal > users are in one AD domain, the extranet users are in another. The domains > are in separate forests, and there are no trusts. > > My plan is to use ADAM for the central LDAP directory. However, I'm on the > horns of an enema, um, I mean dilemma on how to sync ADAM to the two > domains. A first glance would suggest MIIS. However, MIIS looks pretty > complicated, and difficult to configure. > > I'm considering writing my own sync code since the task at hand is > relatively straight-forward. Passwords will be a bit of a problem, but not > unworkable. We use Psynch to maintain our internal passwords, so I can have > it change the ADAM passwords at the same time it changes the internal AD > passwords. The extranet users change their password via an existing web app, > so having it change the ADAM passwords won't be an issue. > > Reading about ADAM "proxy users" leads me to believe they'd be a perfect fit > as the object type to use for our internal users (authentication is relayed > to AD thus negating the need to sync passwords). However, the ADAM tech ref > says proxy users should only be used as a last resort, and to refer to the > next section as to why. Unfortunately, the next section doesn't explain why > not to use them. Anybody know why proxy user objects are evil? > > Are there any good "MIIS for dummies" type documentation around? Any good > ADAM and/or MIIS mailing lists? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
