|
I agree with JoeK, keep this info all together. I have
visualized a system that synced back and forth to AD/AM though. But that was to
set it up so that the ACL manipulations were in AD/AM and then any changes in
AD/AM were doublechecked, logged, and then shot over to AD so you knew exactly
when changes occurred. Of course you can also do this through a web interface
but if you have anyone who manages large numbers of groups, they themselves will
probably want some programmatic mechanism to do updates.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, June 29, 2005 3:41 PM To: [email protected] Subject: RE: [ActiveDir] Group Management No, it seemed to make
more sense to put it in AD and keep it all in the same place. Using DN
syntax attributes to represent the users and groups allows us to take advantage
of any changes to those objects without having to implement a sync process and
gives us a lot of useful semantics such as no duplications and
such. There is a goofy sync
app that we have that pushes stuff one way to our Domino system that does use
some SQL for metadata, but that was a different circumstance. That whole
app could probably be replaced with MIIS very easily now if we had any will to
do so. Joe From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Brian
Desmond Did
you consider using SQL to store all the metadata for the groups? That’s what I’m
doing now, or planning to, but I’d be interested to hear if you debated this
what the final reasoning was. This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. |
- RE: [ActiveDir] Group Management joe
- RE: [ActiveDir] Group Management joseph.e.kaplan
- RE: [ActiveDir] Group Management joseph.e.kaplan
- RE: [ActiveDir] Group Management joseph.e.kaplan
