Hi all!
In my attempt to get familiar with ADAM, I am running into something that
(might) become a bit of a showstopper for what I'm trying to do:
I have an ADAM SP1 instance with one app. partition. I have created a user
in the config. partition (CN=adamadmin,CN=Roles,CN=Configuration,CN={GUID}),
with a password and userPrincipalName=adamadmin (yes, not stretching my mind
here ;). The user is a member of the Administrators group of the config.
partition. To implement "role splitting" between AD users and ADAM users,
the Windows account that was part of the Administrators group has been
removed (I haven't deleted the "link" in
CN=ForeignSecurityPrincipals,CN=Configuration, only removed the account from
the Administrators group).
In this way, I can log on using ldp and other apps, and things seem to work
fine.
The problem arises when I try to set up a new ADAM replica instance. The
"new instance" wizard in one of the steps asks for the credentials of a user
that is administrator of the "original" instance. I've tried providing the
"adamadmin" credentials, but it complains that I have to qualify the user
account with a computer account name. I have created a second "adam
administrator" (CN=adadmsyncuser,CN=Roles...) user whose userPrincipalName
is of the form [EMAIL PROTECTED], but to no avail.
So my question is: Is it *necessary* for a Windows user account to be an
Administrator in ADAM to be able to replicate the instances?
Thanks a lot.
Best regards,
Javier Jarava
[EMAIL PROTECTED]
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/[email protected]/