the only way I know of with the AD/AM sync is from AD to AD/AM and not the other way around. #JORGE#
________________________________ From: [EMAIL PROTECTED] on behalf of Guy Teverovsky Sent: Sat 7/30/2005 1:58 AM To: [email protected] Subject: RE: [ActiveDir] OT: MIIS, ADAM, & AD I wonder whether anyone has tried the ADAM Synchronizer for similar scenarios: http://www.microsoft.com/downloads/details.aspx?familyid=06787254-d7f4-4fff-8e02-2609956cb19e&displaylang=en The documentation is pretty vague about the way the target objects are created. Guy ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Friday, July 29, 2005 5:03 PM To: [email protected] Subject: [ActiveDir] OT: MIIS, ADAM, & AD We have an upcoming project which will require an LDAP directory containing both our internal users, and our extranet users. Currently, our internal users are in one AD domain, the extranet users are in another. The domains are in separate forests, and there are no trusts. My plan is to use ADAM for the central LDAP directory. However, I'm on the horns of an enema, um, I mean dilemma on how to sync ADAM to the two domains. A first glance would suggest MIIS. However, MIIS looks pretty complicated, and difficult to configure. I'm considering writing my own sync code since the task at hand is relatively straight-forward. Passwords will be a bit of a problem, but not unworkable. We use Psynch to maintain our internal passwords, so I can have it change the ADAM passwords at the same time it changes the internal AD passwords. The extranet users change their password via an existing web app, so having it change the ADAM passwords won't be an issue. Reading about ADAM "proxy users" leads me to believe they'd be a perfect fit as the object type to use for our internal users (authentication is relayed to AD thus negating the need to sync passwords). However, the ADAM tech ref says proxy users should only be used as a last resort, and to refer to the next section as to why. Unfortunately, the next section doesn't explain why not to use them. Anybody know why proxy user objects are evil? Are there any good "MIIS for dummies" type documentation around? Any good ADAM and/or MIIS mailing lists? This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
<<inline: winmail.dat>>
