Until Longhorn, ADAM-ADSIEdit will not support simple binds, sorry. LDP is your only option.
Second -- you cannot protect *anything* on a joined machine from an AD admin. If you don't trust them, leave the domain. That's the only way. For example, a builtin admin on the machine can bind to the ADAM instance, take ownership of an object and update its security descriptor to grant herself any rights she needs. Even if we were to lock ADAM down, she would still be able to debug the adam service, and still do anything she wants.

Dmitri

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of F. Javier Jarava
Sent: Tuesday, October 24, 2006 10:27 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based" administration.. (ADAM SP1)

Hi all!!

I'm (trying to) get up to speed with AD/AM, but I seem to be hitting some glitch. So, please, if I'm doing something stupid, please do tell me:

As of ADAM SP1, it's possible to create ADAM users in the config. partition, thus making it possible for an ADAM user to be the administrator of a replica set. In this way, it'd be possible to maintain some role separation between the users of the Domain and ADAM roles/users. (I'm interested in using ADAM to store security-related data, so I'd love to be able to have a security admin that is not an AD admin, but I digress)...

The thing is, I manage to add an ADAM user as per the instructions on the ADAM docs, and I can bind using LDP and simple security. The problem is that I haven't been able to do the same with ADAM-ADSIEDIT...

Does anybody know how you can set "advanced" connection options or, barring that, what you have to do to get ADAM-ADSIEDIT to use an ADAM user to logon?

Of course, I know that it "ought" to be possible to do all admin. tasks from LDP, but it's a bit... Not too user friendly ;)

Thanks a lot in advance.
Best Regards
Javier Jarava

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir@mail.activedir.org/