I want the users of the PCs I manage to authenticate against AD so I can use Group Policies to manage (or micromanage) their permissions on the computer based either on A) who they are and/or B) which computer it is.

Not having had a Windows server newer than NT4 to play/experiment with before now, I'm only going based on what I've read and seen others talk about on other lists.

We run SCT Banner on a VAX. That is where all student data gets initially entered. Changes to that data are frequently sent to another of our systems, and that userbase is mirrored to various of our other systems and services.

I sense I'm going to have a battle on my hands getting AD even turned ON in this environment. So if it can be "quick, painless, and maintenance-free" that'd be a huge selling point for me. :-)

...ROMeyn



At 9:22 AM -0500 11/4/04, Mulnick, Al scribbled:
Out of curiosity, why would you want Active Directory to not be "the" source
of user accounts and then want to sync with openldap?  Can you describe the
goals a little more and why you're wanting to put Active Directory into your
environment in the first place?  What planning have you already done?

Al

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tomasz Onyszko
Sent: Thursday, November 04, 2004 9:17 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] AD & OpenLDAP

On Thu, 4 Nov 2004 09:11:57 -0500, Romeyn Prescott wrote

 1) Does Active Directory come with Server 2003, or is it some sort of
 "add-on" which must be purchased separately.  (Microsoft's web site
 seems, in at least one location, to indicate that it comes with it,
 but I just want to be sure.)

It is a built-in feature of Windows Server. You establish a server as a domain controller by running dcpromo.exe on the server.

 2) We have a relatively new OpenLDAP server (also running on Linux)
 which also mirrors our account base.  Given that we do NOT want the
 Windows 2003 server to be "the" source for our user accounts, is it
 possible to tell it to synchronize with an OpenLDAP server?  Is such a
 task "trivial," "complicated," or "impossible?"

Depending on the approach:
- You can write some scripts which will "monitor" OpenLDAP and will create users in AD
- You can use products like for example MIIS 2003 to synchronize OpenLDAP and AD database.

There can be more choices in this topic.

--
Tomasz Onyszko - [EMAIL PROTECTED]
http://www.w2k.pl

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

-- signat-url: http://www2.potsdam.edu/prescor/signat-url.htm
