Depends on the user. ;o)
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of F. Javier Jarava
Sent: Wednesday, October 25, 2006 6:56 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based" administration.. (ADAM SP1)

Thanks for the tip... It's much more "user-friendly" than ldp (that's not saying much, I know :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ansar Mohammed
Sent: Wednesday, October 25, 2006 9:03
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based" administration.. (ADAM SP1)

Use ldapeditor (http://www.ldapeditor.com)
Version 3 supports simple binds, ntlm and anonymous logins.
New version due in November should support Kerberos and Digest.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:ActiveDir-[EMAIL PROTECTED] On Behalf Of Dmitri Gavrilov
> Sent: October 24, 2006 3:28 PM
> To: ActiveDir@mail.activedir.org
> Subject: RE: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based" administration.. (ADAM SP1)
>
> Until Longhorn, ADAM-ADSIEdit will not support simple binds, sorry. LDP
> is your only option.
>
> Second -- you cannot protect *anything* on a joined machine from an AD
> admin. If you don't trust them, leave the domain. That's the only way.
> For example, a builtin admin on the machine can bind to an ADAM instance,
> take ownership of an object and update its security descriptor to grant
> herself any rights she needs.
> Even if we were to lock ADAM down, she would still be able to debug the
> adam service, and still do anything she wants.
>
> Dmitri
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of F. Javier Jarava
> Sent: Tuesday, October 24, 2006 10:27 AM
> To: ActiveDir@mail.activedir.org
> Subject: [ActiveDir] ADAM-ADSIEDIT and "adam-user-based" administration.. (ADAM SP1)
>
> Hi all!!
>
> I'm (trying to) get up to speed with AD/AM, but I seem to be hitting some
> glitch. So, please, if I'm doing something stupid, please do tell me:
>
> As of ADAM SP1, it's possible to create ADAM users in the config. partition,
> thus making it possible for an ADAM user to be the administrator of a
> replica set. In this way, it'd be possible to maintain some role separation
> between the users of the Domain and ADAM roles/users. (I'm interested in
> using ADAM to store security-related data, so I'd love to be able to have a
> security admin that is not an AD admin, but I digress)...
>
> The thing is, I manage to add an ADAM user as per the instructions on the
> ADAM docs, and I can bind using LDP and simple security. The problem is that
> I haven't been able to do the same with ADAM-ADSIEDIT... Does anybody know
> how you can set "advanced" connection options or, barring that, what you
> have to do to get ADAM-ADSIEDIT to use an ADAM user to logon?
>
> Of course, I know that it "ought" to be possible to do all admin. tasks from
> LDP, but it's a bit... Not too user friendly ;)
>
> Thanks a lot in advance.
>
> Best Regards
>
> Javier Jarava
>
> List info   : http://www.activedir.org/List.aspx
> List FAQ    : http://www.activedir.org/ListFAQ.aspx
> List archive: http://www.mail-archive.com/activedir@mail.activedir.org/