OK, here it is. You go to an authorized DHCP server and you right-click and start to make a new scope. During the wizard for configuring the scope it should have a page that prompts you "Do you want to associate this subnet with a site in the AD for BALBAL domain?". What this would assure is that the DHCP subnets and "AD sites and services" subnet are logically linked.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes
Sent: Thursday, August 12, 2004 2:30 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADAM attribute value

Jon,

Can you explain in a little more detail what you are trying to do?

AD, ADAM or any LDAP programming? - http://groups.yahoo.com/group/adsianddirectoryservices
Carlos Magalhaes
Active Directory Programming MVP

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carr, Jonathan (OFT)
Sent: Thursday, August 12, 2004 6:38 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADAM attribute value

Hey Eric;

If you really want to make Windows AD better, make the DHCP scopes tie in to the AD. As follows: if you make a scope on the DHCP server, prompt for "Do you want to define this subnet to a site in the AD". It would save time and help some of us.

Thanks
Jon

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Thursday, August 12, 2004 10:49 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADAM attribute value

Even if you create an NC that is of type DomainDNS it doesn't assume that you have the DNS namespace or want to register in it. For example, in my environment here on my machine I have an NC that has the same name as an actual domain on the corporate network. I don't think the IT group would appreciate me registering in to their DNS zone. :)

However that is not to say that you couldn't do something different. You're welcome to register SRV records for whatever you would like. We just don't do that for you today. In the future, who knows. There's always discussion around how to make these things better out of the box.
~Eric

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes
Sent: Thursday, August 12, 2004 9:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADAM attribute value

Eric,

"SCPs are a reliable way to detect ADAM instances assuming that ADAM/AD are configured to allow the registration of them. However using SCPs assumes 1) ADAM is running in a domain that is >=2k (not NT4) 2) ADAM service account is successfully registering those SCPs 3) You know what forest an instance is running in (further remember that not all instances have to run in the same forest)."

It assumes quite a bit; the main one is that you are connected to the network at installation of ADAM. If you are not, then it obviously does not create the SCPs. The assumption that you have permissions to register the SCPs is also quite interesting as - "The application that creates a connection point object, or any object, must have create child permissions for the object class to be created in the container where the object will be created." --- this is assuming you are an Administrator or someone with similar power when installing ADAM.

I am not saying my two methods are robust at all, I am just saying that the SCPs are not that great either.

"The lack of robust DSA discovery was an intentional tradeoff we made when we allowed you to create NCs that have no alignment with DNS in any way. The fact that domain NCs align with a DNS namespace and we mandate the registration of those records means we can assume that certain records (SRV, A, etc.) are present for DSAs in that domain. Since ADAM has no such mandate to give the administrator flexibility, we lost the ability to make that assumption."

How about the wizard to Select NCs and select which type of record to set in the Domain's DNS......... -- not that difficult.
Always love these posts :)

C

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Thursday, August 12, 2004 3:44 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADAM attribute value

I just read what your code is trying to do (should have before I posted, not just replies). An additional point above and beyond discovery is detection of the DSA once connected. For that the most reliable mechanism is looking at supportedCapabilities off of RootDSE. Through that you can figure out if it is AD vs. ADAM, and also what version of each (AD on 2000, 2003, etc.)

~Eric

________________________________
From: Eric Fleischman
Sent: Thu 8/12/2004 8:37 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADAM attribute value

It is worth noting that the detection of ADAM, even using mechanisms Carlos outlined, is not nearly as robust as AD. It is a much higher overhead and he is also making assumptions (like you are an admin on all remote systems that you scan if looking in the registry, or you blindly scan ports across the network and probably annoy some others).

SCPs are a reliable way to detect ADAM instances assuming that ADAM/AD are configured to allow the registration of them. However using SCPs assumes
1) ADAM is running in a domain that is >=2k (not NT4)
2) ADAM service account is successfully registering those SCPs
3) You know what forest an instance is running in (further remember that not all instances have to run in the same forest).

The lack of robust DSA discovery was an intentional tradeoff we made when we allowed you to create NCs that have no alignment with DNS in any way. The fact that domain NCs align with a DNS namespace and we mandate the registration of those records means we can assume that certain records (SRV, A, etc.) are present for DSAs in that domain.
Since ADAM has no such mandate to give the administrator flexibility, we lost the ability to make that assumption.

My $0.02
~Eric

________________________________
From: [EMAIL PROTECTED] on behalf of Harpreet_Kapoor
Sent: Thu 8/12/2004 5:25 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADAM attribute value

Hi,

Thank you so much... I have not worked much on ADAM and you are being a great help. Can you send me the tool that you have prepared and tell me the changes that I need to make to my code in order to detect ADAM? I shall be thankful if you do so. Also, how do I set the defaultNamingContext manually?

Thanks,
Harry

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes
Sent: Thursday, August 12, 2004 1:40 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] ADAM attribute value

Harry,

ADAM does not implement the domainDNS structure like Active Directory does; instead it uses Application Partitions, in your case "dc=abcd,dc=com". I am not saying that you can not add or use domainDNS, I am just trying to highlight that ADAM was not designed to work with the domainDNS structure like Active Directory was. You will also find that your RootDSE - defaultNamingContext is not populated by default as it is in Active Directory. You have to populate this attribute manually (very easy).

Now about your code, I am not sure what you mean by "trying to find the value of ObjectClass". Are you trying to find all objects using the LDAP filter "ObjectClass=*"? The objectClass attribute contains the class of which the object is an instance, as well as all classes from which that class is derived. If you would like to see more detail including some code (which is what I think you are trying to do) here is the link - http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/retrieving_the_objectclass_property.asp

Let us know how it goes.
I also strongly suggest that you read ADAM's technical reference document; a lot of work was put into it explaining these concepts and it is one of the best ADAM documents around. You can find it here -- http://www.microsoft.com/downloads/details.aspx?familyid=96c660f7-d932-4f59-852c-2844b343f3e0&displaylang=en

AD, ADAM or any LDAP programming? - http://groups.yahoo.com/group/adsianddirectoryservices
Carlos Magalhaes
Active Directory Programming MVP

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harpreet_Kapoor
Sent: Thursday, August 12, 2004 9:46 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] ADAM attribute value

We are trying to find the value of the "objectClass" attribute in ADAM. For this we wrote the following code:

    char *attrs[2] = {"objectClass", NULL};
    LDAPMessage* result = NULL;

    /* Subtree search under the root DN, returning only objectClass */
    int nResult = ldap_search_s (ld, "dc=abcd,dc=com", LDAP_SCOPE_SUBTREE,
                                 "objectClass=*", attrs, 0, &result);
    if (nResult != LDAP_SUCCESS)
    {
        return LDAPUTIL_GETVERSIONFAIL;
    }

    int nentries = ldap_count_entries(ld, result);
    if (nentries <= 0)
    {
        if (result != NULL)
            ldap_msgfree (result);
        return LDAPUTIL_SUCCESS;
    }

    LDAPMessage* e = ldap_first_entry (ld, result);
    char** vals = ldap_get_values (ld, e, attrs[0]);
    int i = 0;
    if (vals != NULL)
    {
        /* objectClass is multi-valued: walk the NULL-terminated array */
        while (vals[i] != NULL)
        {
            cout<<"\n val[i] "<<vals[i]<<endl;
            i++;
        }
        ldap_value_free (vals);
    }
    if (result != NULL)
        ldap_msgfree (result);

    /* dcRoot is not defined in this excerpt; presumably it holds the root DN */
    nResult = ldap_compare_s (ld, dcRoot, "objectClass", "domainDNS");
    if ((nResult == LDAP_COMPARE_TRUE))
    {
        cout<<"Active Directory Application Mode(ADAM)";
        return LDAP_SUCCESS;
    }

Actually, our main aim is to find the value of objectClass for ADAM (Active Directory Application Mode) for use in ldap_compare_s(). This is why we wrote the code above to find the value of the objectclass parameter.

I have the following questions:

1) We have observed that domainDNS works for Active Directory. Does it also work for ADAM?
In our case, it does not. If it does not, what is the attribute value of objectClass in case of ADAM? In my case, ldap_compare_s returns the value 0x10 which means that the attribute does not exist. However, in ADAM, I can clearly see the attribute. But when I give this value in ldap_compare_s(), it returns the error code 0x10. Is there any other attribute which can be used to identify the dc objects on ADAM just as objectclass and its value domainDNS work for Active Directory.

2) ldap_get_values() returns a NULL. What could be the possible solution?

My configuration settings:
Root DN : dc=abcd,dc=com

Thanks,
Harry

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
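
Added example, not part of the original thread and not code from any of the posters or from Microsoft: the RootDSE supportedCapabilities check that Eric describes, written as a C classifier over the NULL-terminated value array that ldap_get_values() returns. The function, enum and sample names are made up for illustration and the sample value sets are constructed; the capability OIDs are the documented Microsoft values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Capability OIDs a Microsoft DSA publishes in rootDSE supportedCapabilities */
#define CAP_AD     "1.2.840.113556.1.4.800"   /* Active Directory domain controller */
#define CAP_AD_V51 "1.2.840.113556.1.4.1670"  /* Windows Server 2003 generation */
#define CAP_ADAM   "1.2.840.113556.1.4.1851"  /* running as ADAM */

typedef enum { DSA_UNKNOWN, DSA_AD_2000, DSA_AD_2003, DSA_ADAM } dsa_kind;

/* Returns 1 if oid is present in the NULL-terminated value array. */
static int has_oid(char **vals, const char *oid)
{
    for (size_t i = 0; vals[i] != NULL; i++)
        if (strcmp(vals[i], oid) == 0)
            return 1;
    return 0;
}

/* vals: values of "supportedCapabilities" read from the rootDSE
   (base DN "", LDAP_SCOPE_BASE, filter "(objectClass=*)").
   NULL means the attribute was not returned at all. */
dsa_kind classify_dsa(char **vals)
{
    if (vals == NULL)
        return DSA_UNKNOWN;
    /* ADAM is tested first so that any version OID it shares with AD
       cannot misclassify it. */
    if (has_oid(vals, CAP_ADAM))
        return DSA_ADAM;
    if (has_oid(vals, CAP_AD))
        return has_oid(vals, CAP_AD_V51) ? DSA_AD_2003 : DSA_AD_2000;
    return DSA_UNKNOWN;
}

/* Constructed sample value sets (not captured from real servers). */
char *sample_ad2000[] = { CAP_AD, NULL };
char *sample_ad2003[] = { CAP_AD, CAP_AD_V51, "1.2.840.113556.1.4.1791", NULL };
char *sample_adam[]   = { CAP_ADAM, CAP_AD_V51, "1.2.840.113556.1.4.1791", NULL };
char *sample_other[]  = { "1.3.6.1.4.1.99999.1", NULL }; /* placeholder OID */

int main(void)
{
    printf("%d %d %d %d\n", classify_dsa(sample_ad2000), classify_dsa(sample_ad2003),
           classify_dsa(sample_adam), classify_dsa(sample_other));
    return 0;
}
```

Unlike the ldap_compare_s() test against objectClass=domainDNS, this check does not depend on how the naming context was created.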
