Active directory discussion....

I assume you mean Sites and Services. This is where you administer AD replication across your AD servers.
https://technet.microsoft.com/en-us/library/cc730868.aspx?f=255&MSPPError=-2147217396
Also
http://community.spiceworks.com/topic/254525-asking-better-questions

what is site in active directory?
This topic first appeared in the Spiceworks Community

Similar Messages

  • Discussion and Announcement Services in webcenter Spaces + Active Directory

    I had successfully customized Discussion and announcement Services in webcenter spaces using the default authenticator user WEBLOGIC. And it was working fine.
    I was able to post and configure announcement and also able to create forums and threads in webcenter spaces.
    Now I have successfully integrated my Active Directory with WLS, and I want to configure discussion and announcement using Active Directory users. I am facing a problem with it. I am able to log in to WebCenter Spaces as well as 8890/owc_discussions and also 8890/owc_discussions/admin (Jive forum admin) using AD users. I have also given admin roles to Active Directory users in 8890/owc_discussions/admin under Global Settings -> Admins & Moderators.
    When I tried to configure Discussion and announcement Services in webcenter spaces it gives me errors like.....
    (1) The service did not get provisioned.
    (2) failure to authenticate the user *******, due to: Unable to connect to discussion server.*
    Do I need to make changes in keystore.properties & jive_crypto.jar? Do I need to make a new connection in EM inside WebCenter > Service Configuration?
    Please help.
    Thanks

    Have you set up ws-security between your webcenter and discussion server? If not you need to set it up to get rid of the authentication error.
    Are you setting up a single-sign on between all webcenter components using OAM? If so there is an additional step to add/update owc_discussions.sso.mode property under discussion admin.

  • How do I setup Active Directory and Group Policy on Windows Server 2012?

    I work for a school district that uses a Windows 2012 server with about 400 Windows 7 PCs and 150 Mac PCs. We are set up with Roaming Profiles on the PCs and would like to be able to setup Active Directory, Group Policy, and Roaming Profiles on our macs. (We also have a mac server that they are using as a file server only) As we are a school, our funds are very low. Now for the questions...
    Is there a software that allow us to accomplish this?
    Is there a free solution or a very reduced price option to do this?
    I heard that http://www.centrify.com/products/mac-edition.asp may accomplish this and I read something about it on here but didn't know if this is what I was really trying to do because it was marked as "The Golden Triangle" and did not mention Roaming Profiles. This is the link though: https://discussions.apple.com/message/17200059#17200059
    Any help would be greatly appreciated.

    The above reply does not take into account that I am trying to use GROUP POLICY EDITOR to make it the default browser.

  • Active Directory login soooo slow with 10.4.11 client upgrades

    Hi All,
    I have a problem and hopefully someone will be able to help me.
    We have around 30 Macs in and a golden triangle set up with Mac OS X Server 10.3 on Xserves and a Windows Server 2003 as the PDC and primary DNS server.
    Basically, after upgrading the clients to 10.4.11 the log in process takes an extra 90 seconds to connect. The login window will appear but you are not able to log in until after 90 seconds. During the 90 seconds there are "Some Network Accounts Available" but this is just the Open Directory accounts in the background.
    I have tested with 10.4.4 up to 10.4.10 and this problem does not appear but once I upgrade to 10.4.11 then the problem comes back so I don't believe it is a server orientated problem.
    I also attempted using the old Active Directory plug-in within Directory Access from 10.4.8 and 10.4.10 in place of the one installed with 10.4.11 and this did not help with the matter.
    Does anyone know what has changed with 10.4.11 and what I could possibly do to resolve this problem?
    I probably haven't covered all the bases so let me know if you need more information.
    Dehsinotsa

    Answered at http://discussions.apple.com/message.jspa?messageID=13129261

  • Mobile Account and Active Directory home folder

    We installed an XServe server (Mac OS X 10.6.3). We joined it to Active Directory for authentication and Open Directory for policy. I read about the magic triangle on the web.
    I set up a MacBook Pro with Mac OS X 10.6. I joined it to AD and afterwards to OD. When I configure an account to be mobile, the home folder configured in AD stops mounting automatically. If the account is not mobile, the home folder mounts correctly.
    Does anybody have an idea of what is happening?

    Hello, sifeduc, and welcome to the AppleBoards,
    This really seems like a Directory Services question and is probably best suited to this board: http://discussions.apple.com/forum.jspa?forumID=1353
    That being said are you talking about Portable Home Directories? If so PHDs should be created on the server first and on the client second. If you have a client account you want to sync to the OD you need to delete the client account - *but leave it in place* - create a server account and then use the local account which will then sync to the server. The steps for this are a little more complicated than that but not much.
    Good Luck,
    =Tod

  • Create a User account in active directory from SharePoint online 2013 list data

    Hello,
    I am trying to create a SharePoint list through which i can create a user account into active directory, 
    1 - HR is sending the detail in the email body to a Specific email address  ([email protected]) like below..
    First Name: XYZ
    Last Name: ABC
    Address: ABC 123
    Designation: Analyst
    Employee ID: 10492
    and so on 
    2 - I need to pickup every new email data of the above section into sharepoint list (in Column)
    First Name        Last Name       Address         Designation   Employee ID   
    3 - I want to create a event receiver through which i can go ahead and find the new data in the list and then create a user in the active directory,
    I tried very hard, and since I don't have much experience with the coding part, any help will be highly appreciated.
    Thank you 
    Aman 

    1- Configure Incoming Email Setting at your SharePoint Farm -
    https://technet.microsoft.com/en-us/library/cc262947.aspx
    http://blogs.technet.com/b/harmeetw/archive/2012/12/29/sharepoint-2013-configure-incoming-emails-with-exchange-server-2013.aspx
    2- Configure your Sharepoint List Incoming e-mail settings for [email protected] - ListSetting-Communications->Incoming e-mail settings. -
    https://support.office.com/en-in/article/Enable-and-configure-e-mail-support-for-a-list-or-library-dcaf44a0-1d9b-451a-84c7-6c52e7db908e
    3- Write an Incoming Email Receiver, and add your email body parsing code (retrieve the values of the fields: first name, last name, etc.) in the
    EmailReceived() method. Also add the code for adding a new user in Active Directory.
    http://blogs.msdn.com/b/tejasr/archive/2010/03/06/event-handler-code-to-add-incoming-emails-with-subject-discussion-id-as-replies.aspx
    https://pholpar.wordpress.com/2010/01/13/creating-a-simple-email-receiver-for-a-document-library/
    4-  Active Directory Code Help -
    http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C
    http://www.codeproject.com/Tips/534718/Add-User-to-Active-Directory
    Thanks
    Ganesh Jat

  • Process flow - Active Directory integration with Enterprise Portal

    Hi
    I have seen number of documents/forum discussions on integrating Microsoft Active Directory (LDAP) with Enterprise Portal, but unable to find out the process flow for achieving the same.
    I have installed Enterprise Portal 6 (SP13) running on Web AS 640 (J2EE Standalone). The UME is currently configured to use Java database. (i.e datasourceconfiguration_database_only.xml)
    I intend to proceed as below for integrating with Active Directory and integrate with Windows authentication:
    1) Configure UME to use an LDAP Server as Data Source using Config Tool
    http://help.sap.com/saphelp_erp2004/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
    2) Configure Enterprise Portal UME i.e http://<host name>:50000/irj - System Administration - System Configuration - UM Configuration
    Should I configure Data Sources & LDAP Server here as I have already configured these using J2EE Config tool (point no.1).
    3) Integrate Windows authentication with EP using IISProxy module.
    I hope the above will enable me to logon to Portal without supplying username and password once you are logged on to the PC using your Windows user name and password.
    Also, are any schema updates required to Active Directory, i.e. what additional data is stored in AD?
    I would appreciate your guidance on this.
    Thanks in advance,
    Chandu

    Hi Chandau,
    you wanted that some users are not taken into account by the User Management Engine (UME).
    This behavior can be established by specifying the
    ume.ldap.negative_user_filter property for the LDAP data sources in the data source configuration file. Using this property one can define that all users and accounts that
    match the defined conditions are filtered out by the UME API.
    A detailed documentation can be found in the SAP Online Help:
    http://help.sap.com/saphelp_nw04/helpdata/en/9a/f43541b9cc4c0de10000000a1550b0/content.htm
    In the following example of a data source configuration file for Microsoft Active Directory
    Server the attribute userPrincipalName is used as Logon ID of a portal user id (j_user).
    Here the user accounts that have one of the following Logon ID’s (index_service,
    notificator_service and cmadmin_service ) are filtered out.
    <dataSources>
        <dataSource id="CORP_LDAP">
            <privateSection>
                <ume.ldap.negative_user_filter>
                    userPrincipalName=[index_service,notificator_service,cmadmin_service]
                </ume.ldap.negative_user_filter>
            </privateSection>
        </dataSource>
    </dataSources>

  • Active Directory Permissions to Profile Manager

    Hopefully this will help anyone else who runs into this trouble.
    OSX 10.9
    Server App 3.0.1
    We have a profile manager server setup using our Active Directory. After initial setup the system was working fine and all users could access the services.
    In attempting to adjust the web service the permissions for service was turned on and domain users could no longer log in to enroll devices.
    To resolve this issue I worked through the following steps.
    In Server App > Groups found Domain Users (The group containing all users in the domain)
    Clicked the Gear and choose Edit Access to Service
    Checked off Profile Manager.
    I then added Domain Users to the Local Workgroup and allowed the same access to services. This could be done with a different group if needed.
    It may work at this point, but as an additional step you can install the Workgroup Manager tool from Apple's download site. http://support.apple.com/kb/DL1698
    Log in to your Local Directory, I used /LDAPv3/127.0.0.1
    Find the group you added the permissions to in the local domain and add your Active  Directory Domain Users to that group.
    Hope this saves someone else the annoyances I went through.

    So after a little more troubleshooting as well, I ended up using this post after a backup of the database.
    To backup the database I use this Post - https://discussions.apple.com/thread/3791994
    pg_dump -U _devicemgr -h /Library/Server/ProfileManager/Config/var/PostgreSQL/ -c device_management > $HOME/device_management.sql
    And resetting the server app and database.
    https://discussions.apple.com/message/23925691?tstart=15#23925691?tstart=15
    Interestingly, this pulled my old database info back in and restored some settings that had been lost. I'm not really sure why and wouldn't trust it to happen again.
    My issue is now that AD users have to log in twice. The first time they get a denied error. Then they log out and log in on the same browser or a different computer altogether and they can get in.

  • Re: Active Directory Login to Windows 2000 Server

    Continuing http://discussions.apple.com/thread.jspa?threadID=1277356&tstart=0
    So we were able to bind the Mac to the Active Directory Domain once the PC admins created an ID for the computer in their "forest". However the user doesn't have access to all the directories that she does from her PC.
    The AD admin keeps saying that we need to "Map to the share" - Yes, he's from the past!
    So the user on the PC side belongs to a group called "torcomreg" that seems to give her access from the PC. She can access every other area except for the "Departments" share. (we can see Departments and open it - but we see nothing inside).
    Does anyone know how to use "Mappings" and what does "Map UID to attribute:" mean? Are we supposed to enter a UID for this user, or the ID of the shared attribute? How do we get this person access to the directory or the group membership - I'm convinced that this needs to be done on the AD server - but I don't know the verbiage that the admin needs from us.
    Thanks in advance - taking over the enterprise one Mac at a time - literally in this case.

    You can write an applescript to mount the appropriate shares, then compile the script as an executable.
    Make executable script a login item for the user.
    It's been a long time since I wrote the script, so I can't recall the exact syntax, but it goes to the effect of
    tell application "Finder"
        mount volume "smb://server/share"
    end tell
    repeat for each share.

  • How to purchase Azure Active Directory Premium?

    How do you purchase Azure Active Directory Premium?
    I have had a trial, which has expired. I get an email saying to go to the Intune (?) portal:
    Follow these easy steps to purchase a subscription: 
    1)   Sign in to the Microsoft Intune Account Portal, with your User ID
    2)   On the Admin page, on the left pane, under Subscriptions, click Manage.
    3)   Find Microsoft Azure Active Directory Premium trial, and click on it.
    4)   On the Subscription details page click Buy now.
    5)   Follow the steps in the purchasing wizard to complete the purchase process.
    There is no trial subscription and no way to purchase. There has been some discussion that you require an Enterprise Agreement to purchase it:
    http://azure.microsoft.com/en-us/pricing/details/active-directory/

    Hi, 
    If you login to portal.office.com with your username and password and then click on 'Purchase Services' on the left hand side you should be able to go ahead and directly purchase AAD Premium. http://www.edutech.me.uk/active-directory/azure-ad-premium-now-available-via-direct-purchase/
    Thanks, 
    James.

  • AD Redesign / Restructure / Tools which further Improve / Enhance Active Directory's USABILITY-CONSUMERIZATION

    Hello,
    This Study/Discussion can be beneficial for all of us,
    As we will be able to know or find out what all is best from the both Business as well as Technical aspects to
    in terms :
    AD as a Service.
    AD as an Application.
    Checking IPD for AD does provide details which for the most part are technical which is right as these details are more of best practices irrespective of the nature of function of any company.
    Still there are many tools/utilities/apps/solutions which an organization with
    1. Over 60,000 users/machines
    2. Over 100 Trust Relationships
    3. Manufacturing sites/locations with equipment/machinery whose operations-functionality must not be disturbed ever...
    These are a few of the real and practical scenarios organizations have to manage, and with AD once deployed you have to restrict or rather say live with it, as this Directory-Service solution is not as modular as some others are....
    This could be very exhaustive as it is purely an organizations decision.
    However with the help of this forum I want to know which are the best known and recommended tools/apps/solutions regarding the following: 
    1. User/Employee Type Differentiation- Attribute basis, Group-Membership basis more.. which are the known and recommended tools ?
             -  Tool 1
             -  Tool 2
             -  Tool 3
    2. Delegation Model -Delegation of Control/Management of AD objects (Dept./Role Specific) ?
             -  Tool 1
             -  Tool 2
             -  Tool 3
    3. Control Access Rights and Privileges so that resource is only accessible by the respective dept. - Security Policies - User Rights, App-locker/Software-Restriction, NTFS permissions-Claims Token which are other known tools and which all are recommended
    ones..?
             -  Tool 1
             -  Tool 2
             -  Tool 3
    Thanks!
    BR,
    An Extremist

    Hi,
    With Active Directory installed, we have below tools to use to manage AD:
    Active Directory Users and Computers
    Active Directory Domains and Trusts
    Active Directory Sites and Services
    In addition, we also have below command tools:
    Dcdiag, repadmin, adsiedit, ntdsutil and so on
    Please also refer to the below link for Active Directory Management Support Tools
    http://technet.microsoft.com/en-us/library/cc738135(v=ws.10).aspx
    Regards,
    Yan Li

  • What is Azure? Can it replace an on premise Active Directory?

    As you might guess, I'm a complete newbie to Azure and have no knowledge of it at all.
    I have a project for which I need to find the most efficient and cost effective solution. Rather than me ask questions, perhaps its better I explain the project and hopefully someone will be able to tell me if Azure will provide a solution.
    I have an on premise SBS 2003 R2 server which I need to replace due to the end of life of Server 2003 R2. This server provides, AD, Exchange and File & Print services to around 40 users. I have been given the remit of 'spend as little as possible
    and use Cloud services as much as possible' to achieve the migration but I don't want it to be at the expense of productivity and end user harmony.
    I have started trialling Office 365, which will hopefully take care of the File and Exchange side of things. So far the users have found it a bit frustrating trying to navigate to files on SharePoint. They are unable to effectively map a drive or explore
    to SharePoint and they are frequently asked to enter their O365 password, on top of their local domain password. Although I've not tried Single Sign On, it sounds like this might resolve the issues we're having with O365.
    From what I've heard, I'd need an on premise AD server in order to implement Single Sign On, so this means buying a new on premise 2012 server to replace the 2003 SBS server. This obviously means expense. I'm wondering if there is an alternative solution
    that addresses the Single Sign On problem and gives me AD features, such as group policy, but without the necessity for an on premise server. Ideally it would also give me print server features too.
    Has anyone any idea if Azure can provide an effective solution to my project or have any other solutions. If not, I'll have to get the on premise server.

    Hi TIMTAM73,
    This is actually a great topic around the position of Azure for the Enterprise environment and how Azure AD might help.
    You've earlier mentioned that you're currently trial-ing O365, for which I truly congratulate you. In my opinion, that's by far the best SaaS product for organizations looking for a professional Exchange, SharePoint and CRM solution.
    Please let me also introduce a new term to the discussion, namely Azure Active Directory (AAD, for short). AAD is what the entire Office 365 users & groups repository is based on.
    In terms of Windows Server Active Directory, if you're looking to domain-join your organizational computers after you ditch your ancient-WS2003 server, please be advised that AAD won't help, because currently AAD is NOT an LDAP, meaning that it's only
    a little more than a user&groups repository and that's it. However, because you were advised to look more into cloud services, please note that there's always the option of deploying a VM with Windows Server 2012 R2 installed and install the role of Active
    Directory Domain Services on it. This also means that you get LDAP, but on a newer system.
    Afterwards, you'll have to worry how your organizational computers will join the domain you created "in the cloud". Here's where Azure Virtual Networks come in. Considering that you have a decent router, you have the option of creating a site-to-site
    VPN and thus connect your local LAN to a network of cloud services which will be hosted on the same IP classes where your computers are: voila, you get domain-joined computers on a cloud-hosted VM.
    Lastly, because Exchange might be too expensive to acquire and maintain, I suggest you look into Office 365. Here, you have the option of using the so-called AD Connect (or the generally available and tested DirSync option) which will synchronize your users
    and (optionally) password hashes. Additionally, there's also the option of Single Sign-On (SSO), which will keep your users from having to regularly input their credentials.
    As for the File and Exchange things, you have a few options:
    Use OneDrive for Business and thus your users will get a OneDrive repo directly in File Explorer
    Deploy a VM on your cloud service which has the File and Document role installed, with the Work Folders feature and afterwards configure Work Folders on your users' Windows 7/8 PCs
    ...or simply use a SMB share or FTP on that VM on Azure
    Please keep in mind that when it comes to document sharing, it would be best to add at least an additional data drive (with no write caching) and configure the shares on this/these drives. Never use the D:\ drive on the VM - that's a temporary storage solution
    designed for caching in IIS, for example - or C:\ - the OS disk has write caching applied and you'll eventually get into lots of trouble with your users for losing their data :).
    I hope this helps. I'll be happy to give you more insights and put you on the right track if you miss finding the right documentation.
    Alex

  • Active directory member;range=0-999 issue

    Has anyone else run into a problem with active directory and
    it returning the member attribute with the range attached? I am
    running into this problem as discussed in a microsoft article (see
    below). The data comes back fine and I get all the records I need.
    BUT... the problem is the column name is returned as
    "member;range=0-999" instead of just member as in a normal active
    directory query. The problem is it has that semicolon in the column
    name so trying to loop through the query or get to that data keeps
    breaking it. So it is there, I just can't get to it. I have tried
    escaping the semicolon or aliasing the column name, but I just keep
    running into problems. I am hoping someone else has run up against
    this or knows ways to get around invalid column names in a query.
    If I have a resultset for a query that has a bad column name, how
    can I get to that data?
    When an Active Directory server returns the values of the
    member attribute as the result of a directory search query, its
    behavior varies depending on whether the total number of attribute
    values for that object exceed the maximum limit on values
    retrieved. For example, if a distribution list on a Windows 2000
    Server contains 1000 or fewer member values, a search query will
    return all of the values in a single call. However, if the list
    contains 2497 member values, the first call to the search query
    function will return the member attribute with no values, and an
    additional member;range=0-999 attribute that contains the first
    1000 member values. To retrieve the next group of member values,
    the search query should be repeated using a range specifier that
    begins at the attribute number one past the number of the previous
    group returned. In this example, the search query function would
    request the member;range=1000-* values, which would return the
    member;range=1000-* attribute with no values and a
    member;range=1000-1999 attribute with the next 1000 values. This
    process is repeated until the last group of values is retrieved.
    The end range on the last group retrieved from the server would be
    indicated by an asterisk (*) in the returned attribute name.

    I found I was able to solve this using the method found at
    the following address:
    http://www.bennadel.com/index.cfm?dax=blog:357.view
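
The ranged retrieval loop described in the quoted article above, as an added example that is not part of the original posts; it keeps each returned attribute name as a plain dictionary key, so the semicolon in `member;range=0-999` needs no escaping. `FakeDirectory` is a constructed stand-in for a domain controller (its `search` signature, the sample DNs and the 1000-value limit are assumptions taken from the article's example), so the code runs offline.

```python
import re

# Attribute description with a range option, e.g. "member;range=0-999" or
# "member;range=2000-*" (the asterisk marks the final chunk).
_RANGE_RE = re.compile(r"^(?P<base>[^;]+);range=(?P<low>\d+)-(?P<high>\d+|\*)$", re.I)


def parse_range_attr(name):
    """Return (base, low, high); high is None for '*', low/high None if no range."""
    m = _RANGE_RE.match(name)
    if not m:
        return name, None, None
    high = None if m.group("high") == "*" else int(m.group("high"))
    return m.group("base"), int(m.group("low")), high


class FakeDirectory:
    """Constructed stand-in that mimics the server behaviour the article describes."""

    def __init__(self, entries, max_values=1000):
        self.entries = entries          # {dn: {"member": [...]}}
        self.max_values = max_values    # per-response value limit (assumed 1000)
        self.queries = 0

    def search(self, dn, attr):
        self.queries += 1
        base, low, _ = parse_range_attr(attr)
        values = self.entries[dn].get(base.lower(), [])
        if low is None and len(values) <= self.max_values:
            return {base: list(values)}             # small group: one call is enough
        low = low or 0
        chunk = values[low:low + self.max_values]
        last = low + len(chunk) >= len(values)
        high = "*" if last else str(low + len(chunk) - 1)
        response = {attr: []}                       # requested name comes back empty
        response[f"{base};range={low}-{high}"] = chunk
        return response


def fetch_all_values(search, dn, attr="member", max_rounds=10000):
    """Collect every value of a multi-valued attribute, following range chunks."""
    collected = []
    request = attr
    for _ in range(max_rounds):
        chunk = None
        for name, values in search(dn, request).items():
            base, low, high = parse_range_attr(name)
            if base.lower() != attr.lower():
                continue
            if low is None:
                if values:                          # everything arrived unranged
                    return collected + list(values)
                continue
            if low != len(collected):               # a gap would silently drop members
                raise ValueError(f"unexpected range start in {name!r}")
            if values or chunk is None:             # prefer the chunk that has values
                chunk = (high, list(values))
        if chunk is None:
            return collected                        # attribute absent or empty
        high, values = chunk
        collected.extend(values)
        if high is None:                            # '*' in the name: last chunk
            return collected
        request = f"{attr};range={len(collected)}-*"
    raise RuntimeError("range retrieval did not terminate")


def demo(count):
    """Build a constructed group with `count` members and read it back in full."""
    dn = "CN=All Staff,OU=Groups,DC=example,DC=test"    # constructed sample DN
    members = [f"CN=user{i:04d},OU=Staff,DC=example,DC=test" for i in range(count)]
    directory = FakeDirectory({dn: {"member": members}})
    return fetch_all_values(directory.search, dn), directory.queries


if __name__ == "__main__":
    got, queries = demo(2497)
    print(f"{len(got)} members in {queries} queries")
```

A membership audit that reads only the plain `member` attribute sees an empty list for any group above the server's limit, so a review of large privileged groups has to follow the range chunks through to the `*` terminator.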

  • Group Blogs when Active Directory is involved.

    I have an OS X server running 10.5.4, bound to Active Directory to create Apple's "Golden Triangle". My Mac users are able to authenticate against AD, but get their computer's preferences from the OS X server. It's working well. However, I am having some issues related to Web Services.
    I am trying to create a group blog for my dorm parents. I have tried a number of things, including the following:
    In Server Admin, under Web -> Sites -> Web Services I have checked the blog box, and then checked the "Wiki and blog" box.
    I have tried adding the following entities to the "Allow the follow to create wikis on this site:" box.
    AD Users
    OD Users
    AD Groups
    OD Groups
    In every case, the username or group name that I have added remains in the box for a short period of time and then disappears.
    I have even tried leaving the box empty to let my OD test user create a blog. That doesn't work so well at all.
    Any ideas? Any more info I can provide to help you help me?
    Thanks.
    Bill

    Here is my standard response to such issues. If this does not resolve your problem, let us know and hopefully someone will have the solution.
    I have been successful in doing the following for imported Active Directory (AD) users in both Advanced and Workgroup mode in 10.5.3:
    - creating calendars in iCal
    - subscribing to group calendars in iCal
    - accessing group wikis
    But there are a few workarounds that must be applied and some simple steps that must be followed in order to be able to get this functionality to work.
    Whenever people have a problem doing any of the above, I find that it's usually due to one of the following:
    1. The binding was not done correctly.
    The OD Master should have a binding to the AD server, and the client machine must be bound to both the OD Master and AD server. If the OD Master or client machine cannot bind to the AD server, it could be that these machines are not entered into the DNS, and/or are not entered in forward/reverse check. (I'm not an expert on DNS so I won't speak to that.)
    2. An older version of Leopard server is being used.
    It's been my experience that the OD/AD config works much better in 10.5.3. In fact, the version of Workgroup Manager (WGM) that was released in 10.5.3 provides a means for enabling calendaring for imported AD users in Advanced mode. (Discussed below.) Before 10.5.3, I don't know of any way to enable calendaring for AD users in Advanced mode (although it worked in Workgroup mode).
    3. Workarounds to enable clear text for both iCal and Wiki have not been applied.
    Clear text authentication must first be enabled for both Wiki and iCal in order for certain functionality to work. So there are a couple of workarounds that must be applied.
    For Wiki, there is a KBase article that provides instructions and background info on this subject:
    http://docs.info.apple.com/article?artnum=306750
    For iCal, you must edit the caldavd.plist file for the following:
    <key>Authentication</key>
    <dict>
        <key>Basic</key>
        <dict>
            <key>Enabled</key>
            <false/> <!-- change to true -->
        </dict>
        <key>Digest</key>
        <dict>
            <key>Algorithm</key>
            <string>md5</string>
            <key>Enabled</key>
            <true/> <!-- change to false -->
            <key>Qop</key>
            <string></string>
        </dict>
        <key>Kerberos</key>
        <dict>
            <key>Enabled</key>
            <true/>
            <key>ServicePrincipal</key>
            <string></string>
        </dict>
    </dict>
    4. AD users have not been imported.
    This primarily relates to calendaring. Binding to an AD server will allow you to see the AD users in WGM, but binding alone will not enable the users for calendaring.
    In Advanced mode, what you need to do is select the 'New Augmented User Records' item from the 'Server' window in WGM. In the resulting window, select the 'Calendar Server' from the drop down list at the bottom. Then select the AD user(s) you want to import.
    In Workgroup mode you would import the AD users using Server Preferences.

  • Oracle Database Authentication against Microsoft Active Directory

    Hello
    Does anyone know if it is possible, or can point me in the right direction of some documentation that discusses Oracle database user authentication against an Enterprise Directory Service, in my case MS AD?
    My environment consists of Oracle RDBMS 10.2.0.3 on Linux Red Hat AS 4. Our users connect in from Windows clients. I would like to know if there is a way to authenticate users from Windows to the database using LDAP based (AD) authentication. In other words, how do I configure authentication to be done for "identified globally accounts"? I know that the identified by globally accounts require the use of the CN which I have done, but it seems like there is some piece missing. Perhaps an Oracle schema or modification to Active Directory??
    So my questions are
    1. Is it possible to authenticate users against AD without the implementation of OID?
    2. Is there documentation someone has or can point me to that outlines the required steps?
    3. Anything I should know?
    I appreciate any help. The documentation I have found so far doesn't seem to be what I need... So I am looking for some advice.
    Thanks.

    Sure, two methods to auth from Oracle DB to MSAD:
    OID and OVD
    I am working on our own proof of concept configuring EUS connect to OVD with an MSAD as auth at the moment. OVD basically is presenting the database with OracleSchema and OracleContext info. And when you connect via netca (ldap.ora), you assign it as OID directory authentication type.
    Here's an OVD manual on Integrating with EUS (chapter 7 is for MSAD): http://www.oracle.com/technology/products/id_mgmt/ovds/pdf/e10286.pdf
    And this would be what the EUS config should look like:
    http://www.oracle.com/technology/deploy/security/database-security/howtos/eus-how-to.html
    If you've done everything in the first doc...
    Hope this answers your questions.
