Active Directory - Forte/UDS integration

Similar Messages

• Wireless Deployment with Active Directory User Group Integration

  I am trying to find out the best practice in deploying a WLAN for users in the cooperate environment, which uses their company active directory integrated laptops to join to the WLAN.
  I know this can be done using certificates easily but I want to just find a way to deploy this without certificates and only based on the AD user group. Maybe a Radius server + LDAP server integration solution would be great.
  Please advice. Thanks.
  Cheers
  Lal Antony
  www.lalantony.com

  The easiest way to deply this is with a Microsoft toolkit, it has everything you need included, manuals, scripts to install and configure server-side components and it's very easy to use. You can get it from here:
  http://www.microsoft.com/downloads/en/details.aspx?FamilyID=60c5d0a1-9820-480e-aa38-63485eca8b9b&displaylang=en
  It's based on Win2003 server but I've been advised by MS that it should be OK on Win2008 as well.

• OIM 9.1.0 Integration with Active Directory 2008 R2

  Hi,
  My customer is running Root/Child AD structure based on windows 2003 w/SP2, OIM 9.1.0 deployed under one of the child domains, and integrated with child domains controllers which runs windows server 2003 as well.
  My customer has decided to upgrade his AD to Windows Server 2008 R2 domain controllers across the entire AD Forest and still wants to integrate the current OIM v9.1.0 with AD for all of his Users provisioning and password synchronizations.
  Am not sure if current OIM version of OIM 9.1.0 is compatible and supported by OIM v9.1.0 under active directory version 2008 / R2, and not sure if it can be integrated with such AD version.
  Any guidance is really appreciated.
  Also I was thinking of such scenario but also not sure of its support ability and if OIM will keep working on such scenario, the scenario is to upgrade only the AD root domain to Windows 2008 R2 while keeping the child domain holding the OIM 9.1.0 at Windows 2003 version.
  Is this a working and supported scenario by OIM v9.1.0 ?

  I believe you question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
  -Bikash

• Active Directory integration problem, Bind AC and OD

  Hi.
  I'm trying to set an Open Directory as "connect to a Directory System" because I have a windows 2000 server with Active Directory. But i have a problem when i click on "open directory Access", Access Directory appear and I select Active Directory.
  xxx.yyy is the server with active directory, with its admin and its password. but i cant Bind it and an error always appear.
  can you help me?
  what's "active directory domain"?is it xxx.yyy?
  and what's "computer ID"?
  Are there others parameters to set for example in DNS or other?
  help help help

  What are you trying to achieve by doing this?
  Got to http://www.afp548.com/ and serach for AD-OD integration.
  http://www.afp548.com/article.php?story=20051202151540574

• Using iChat Server with Windows clients in an integrated Active Directory/Open Directory environment

  A co-worker (Super Brent) and I were working on using iChat as an internal IM server after having used Openfire for a couple days. The reason for switching was basically that we had a Mac Mini Server that was available so we decided to take this on.
  First problem: Knowing whether or not Kerberos was needed for AD/OD integration. We spent a ton of time on this, not knowing a huge amount about AD and with our server administrator on courses, we just kept poking at it and removed Kerberos.
  For the AD/OD integration, we first bound the Mac Mini to our Active Directory server. We shut off LDAPv3 support as we only wanted to use the AD functionality. Additionally, we ensured that the search policy in Directory Utility only used Active Directory. Then we created an Open Directory master in the Open Directory service. We enabled a self-signed certificate and trusted it locally. After creating the iChat service, ensure that you use the self-signed SSL Certificate and set authentication to Standard. (no kerberos).
  Second problem: Once this was complete, we started to test clients out. We were unable to successfully login using our AD credentials using Spark IM and Pandium IM. After trying nearly 100 different variations of server configs, we decided to try a new client. I installed Miranda IM on my Windows XP machine and tried a few different setups. It turned out that the magic potion was to make sure that the "resource" field was set to "Home" and use SSL for encryption. This resource setting was the deal breaker for the other IM clients as many of them such as Spark and Pandium do not have this as a login option.
  We ended up using Pidgin IM as the Windows client of choice as it did have the resource variable and it's interface was the best suited for our environment and users.
  I hope this helps someone out there as we spent days looking all over the internet trying to figure this out.
  Cheers,
  Frenchy and Super Brent

  Hi,
  iChat Server is not something that I know a great deal about.
  I tend to point people to the OS  X Server Communities and to look out for posts by Tim Harris.
  Thanks for taking the time to post this.
  9:58 PM      Friday; February 10, 2012
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
    iMac 2.5Ghz 5i 2011 (Lion 10.7.3)
   G4/1GhzDual MDD (Leopard 10.5.8)
   MacBookPro 2Gb (Snow Leopard 10.6.8)
   Mac OS X (10.6.8),
  "Limit the Logs to the Bits above Binary Images."  No, Seriously

• Integrating OIM 9.1.0.2 - Active Directory NT 4.0

  Hi,
  I need to make the integration between:
  - Oracle Identity Manager 9.1.0.2
  - Active Directory NT 4.0,
  I found that connector according to the certification of Microsoft Active Directory User Management 9.1.1.7. The NT version of Active Directory is not supported than alternatives can be taken in this case.
  Very grateful for the support

  You should still be able to communicate with it via java ldap libaries so long as it is version "Windows NT 4.0 PDC release (the Windows 2000 alpha release)" or later.
  I would suggest you download the Sun Java System Directory connector. Go through the configuration lookups and change them to match the ldap values of Active Directory. Give that a shot. If it doesn't work, you'll most likely need to write your own connector using ldap libraries.
  -Kevin

• Integrating Final Cut Server 1.5 with Active Directory

  Following the directions in the Final Cut Server Setup Guide and I am running into errors. Fun with Final Cut Server. Fun with Kerberos.
  Final Cut Server v.1.5 is running on an Intel Xserve running 10.5.6 Server, joined to AD. Active Directory is running on a Windows Server 2008 setup.
  I dropped the ini files on the domain controllers, as directed by Apple KB (http://support.apple.com/kb/HT3688) and I ran the commands directed in the setup guide.
  The adprincadd command should be run literally, of course, but there's a mistake straight-away when it should read "./adprincadd.pl", the ".pl" is missing. Also it says "fcsvr/fqdn of fcsvr", so naturally I replaced the fqdn, but the "fcsvr" prefixed threw me off. It gave me errors until I opened Kerberos.app and notcied that the kerb ticket was in ldap/, then the command worked for me. At least no errors, until I checked the ticket and it said I had no permissions and that the keytab entry was invalid. Wheeee.
  1. First I tried:
  (some info redacted)
  node09:sbin root# ./adprincadd.pl -dc dc01.example.com. fcs.example.com.
  Getting kerberos principal for computer account
  Kerberos principal is ---
  Getting computer id...---
  Getting AD Domain...---
  Base DN is dc=example,dc=com
  getting kerb ticket using [email protected] got ticket
  SASL-bind to dc01.example.com. successful
  Computer record is at CN=---,CN=Computers,DC=example,DC=com
  Checking to see if ---.--.---. exists...000020B5: AtrErr: DSID-031529F7, #1:
  0: 000020B5: DSID-031529F7, problem 1005 (CONSTRAINTATTTYPE), data 0, Att 90303 (servicePrincipalName)
  at ./adprincadd.pl line 165
  2. Then I noticed the /ldap in Kerberos.app and changed the adprinadd command:
  Everything ran well, with no errors...
  Finding kvno...2
  Reading /etc/krb5.keytab...done.
  Creating new keytab file...done.
  Writing out temporary keytab...done.
  Making backup of old keytab and moving new keytab into place...done.
  Operation Completed. You can verify with "kinit <ad user>; kvno -k /etc/krb5.keytab ldap/---.example.com"
  3. Verifying with kinit gave me the keytab errors:
  kinit matx; kvno -k /etc/krb5.keytab ldap/fcs.example.com
  Please enter the password for [email protected]:
  ldap/[email protected]: kvno = 2, keytab entry invalid
  kvno: Permission denied while decrypting ticket for 'ldap/[email protected]'
  Thoughts?

  Hello, I'm having issues with the client login after AD integration. I followed the steps from http://support.apple.com/kb/HT3818 and the Terminal output reported a success.
  I'm able to add AD groups in Final Cut Server Group Permissions. However, when I try logging in on the FCServer client using credentials associated with AD group I've added, I'm getting an error message from the client stating:
  "Please re-enter the username and password or contact the server administrator. Please note that the username and password are case-sensitive."
  The FQDN is correct in the Server field of the client.
  I'm able to log into the client using locally created user accounts that I've created on the server so I know the client is communicating correctly.
  The only thing I can find in the Console for the client machine is this:
  11/25/09 10:50:12 AM /Users/*/Desktop/Final Cut Server.app/Contents/MacOS/Final Cut Server[1773] Warning: accessing obsolete X509Anchors.
  In the server Console, this is a suspect message: /Library/Application Support/Final Cut Server/Final Cut Server.bundle/Contents/MacOS/fcsvr_stored[77891] pps proxy error: dsDoDirNodeAuth = -14091
  Not finding much info out there regarding this. Any guidance is appreciated.

• Microsoft Active Directory 2008 - Day CQ Integration.

  Hi All,
  We have integrated AD with CQ for authentication purpose (JAAS config, LDAPLoginModule).
  We are registering user from our website and storing them directly on AD (using day ldap client APIs - day-commons-ldapclient-1.1.6.jar). Now the problem is that the created user are disabled by default, to overcome this we have set an attribute "userAccountControl" while registering.
  This solved the disable issue, but another issue is that user can not login unless his/her password is being reset from AD admin interface.
  The password is set in "userPassword" attribute and AD is not treating this as a password so it enable the flag for reset password mechanism.
  There is another attribute which needs to be set for this and is called "unicodePwd", but to set this the connection should be encrypted(at least 128 bit SSL/TLS) and LDAPS should be used and not LDAP.
  Please refer the MS article at http://msdn.microsoft.com/en-us/library/cc223248%28v=prot.10%29.aspx
  So the question is that can it be achieved with with LDAP protocol itself, if not then how big is the effort to go via LDAPS approach.
  Has anybody achieved something similar and throw some light?
  Any pointer will be helpful.
  Thanks in Advance,
  Rakesh

  From what I understand, you are attempting to synchronize your users from CQ into your active directory instance. To me, it sounds like you should really get LDAPS set up, as opposed to attempting to work aroud it.
  Here is a link to the part of the document Day wrote on how to configure LDAP for CQ5:
  http://dev.day.com/docs/en/crx/current/administering/ldap_authentication.html#Configuring LDAP over SSL
  Additionally, if you take a look at the forum topic I posted about this very problem, there is a nice list of resources for what you are trying to do: http://forums.adobe.com/thread/1068151?tstart=0
  Hope that helps! Good luck!

• Failover agents who work with active directory integration

  Hi Guys,
  I have implemented 'Active Directory' failover in SCOM. But what i see is that it doesn't work.
  The agents are assigned by AD, but the first (RMS Role) management server has got all the agents and is to busy and
  has got many problems to handle all the load. Even with this case nothing is failing over.
  A few i could failover with hand, but the most i cannot because 'change primary management' server is blanked out. Even with the agents turned back from manuel to automatic (blog Kevin Holman).
  1. Has anybody got any idea of getting the AD failover to work automatic?
  2. Has anybody got a workaround to do this manual, by powershell (SCOM 2012 R2 cmdlets), bypassing the grayed out 'Change primary management server?
  3. In my failover screen is see the management servers + the internet DMZ gateway server. I don't want to failover to the internet DMZ Gateway server. Can i delete this?
  Please have a look at my specific question. I did read many blogs who are based on powershell without AD integration or AD integration without explaining how the automatic failover works.
  Kind regards,
  André

  Hi,
  SCOM windows agents automatic failover does not require AD integration or PowerShell scripting or Configuration Manager or manual agents installation specially for small to medium environment and agents distribution between different SCOM management servers
  can be accomplished through push agents wizard, and windows agents failover can be simply verified from event viewer.
  Please refer to the below links for more details:
  How to Use Active Directory Domain Services to Assign Computers to Management Servers
  http://technet.microsoft.com/en-us/library/hh212712.aspx
  OpsMgr AD Integration - how it works
  http://blogs.msdn.com/b/steverac/archive/2008/03/20/opsmgr-ad-integration-how-it-works.aspx
  Regards,
  Yan Li
  Regards, Yan Li

• Help with Active Directory Integration and kerberos

  Hello,
  I’m encountering a bug preventing me to use Active Directory integration with kerberos :
  Our domain name is CORP.DOMAIN.COM.
  When we request the GC in this domain :
  bash-3.00# nslookup -query=any gc.tcp.corp.domain.com
  Server: 1.2.1.6
  Address: 1.2.1.6#53
  ** server can't find gc.tcp.corp.domain.com: NXDOMAIN
  there is no answer.
  But when we request without corp, we find the servers :
  bash-3.00# nslookup -query=any gc.tcp.domain.com | grep sis
  gc.tcp.domain.com service = 0 100 3268 serveur02.corp.domain.com.
  gc.tcp.domain.com service = 0 100 3268 serveur01.corp.domain.com.
  bash-3.00#
  Is-it possible to add the possibility to enter the domain name where reside the gc.tcp ?
  Thank you.

  Hello
  the domain.com domain exist, but it's not our domain.
  so, when I put domain.com, it search with no result (nothing appends).
  our kdc.conf :
  [kdcdefaults]
  kdc_ports = 88,750
  [realms]
  CORP.DOMAIN.COM = {
  profile = /etc/krb5/krb5.conf
  database_name = /var/krb5/principal
  admin_keytab = /etc/krb5/kadm5.keytab
  acl_file = /etc/krb5/kadm5.acl
  kadmind_port = 749
  max_life = 8h 0m 0s
  max_renewable_life = 7d 0h 0m 0s
  default_principal_flags = +preauth
  krb.conf
  [libdefaults]
  default_realm = CORP.DOMAIN.COM
  default_checksum = rsa-md5
  [realms]
  CORP.DOMAIN.COM = {
  kdc = dc01.corp.domain.com
  kdc = dc02.corp.domain.com
  [domain_realm]
  .corp.domain.com = CORP.DOMAIN.COM
  corp.domain.com = CORP.DOMAIN.COM
  in every domain, I think the GC are in corp.domain.com. but in my company, it's in domain.com...
  Thank you,

• Integration of Active Directory on EBS R12

  Hi,
  Need to integrate Active Directory on our EBS 12.1.1 on Linux server with Window 2008 Active Directory.
  Any suggestion, document or tutorial please.
  Thanks in advance

  Hi Richa,
  Please see
  DIP Synchronization with Microsoft Active Directory Quick Start Guide [ID 267153.1]
  Configuring eBusiness Suite with Windows Native Authentication (WNA) [ID 744118.1]
  http://www.freeoraclehelp.com/2011/09/oid-integration-with-ms-active.html
  Oracle applications and Active Directory
  http://docs.oracle.com/cd/E18727_01/doc.121/e12843/T156458T465432.htm#4236328
  http://docs.oracle.com/cd/E10773_01/doc/oim.1014/e10528/odip_actdir.htm
  http://www.serkey.com/how-to-import-your-ms-active-directory-users-in-an-oracle-table-bdv38t.html
  Thanks

• OIM Active Directory 2008 integration

  Hi All,
  Has anyone integrated (or being in the process of integrating just now) OIM 9.1 with Active Directory on a Windows 2008 Server using the AD 9.1 connector or a custom connector? Any problems or other experiences with such integration?
  The 9.1.1 connector will be cerfified for AD on Windows 2008 but the current connector 9.1 (or 9.1.0.1) is only cerfified for AD on Windows 2003 or 2000.
  Thanks,
  Albin

  I believe you question should be if the connector supports this architecture. Check out the versions supported for the connector you are using and you should be good.
  -Bikash

• Single Signon and Integration with Active Directory

  Hi,
  We have a requirement to integrate Active Directory with SAP and implement Single Signon solution. Our Active Directory is running on Windows 2003 and we are having systems 4.7 , ECC6.0 which run on Linux OS in our landscape.
  Can anyone of you help me by answering following questions
  1. Is there any need of any third party solution(tool) to integrate  Active Directory and SAP and activate single signon?
  2.Is there any difference in integration from SAP 4.7 and ECC6.0 of SAP on Linux OS with Active Directory ?
  3. If possible please share any documents or links on above issue.
  Suitable answers will be rewarded with points. Thanks in advance for your help
  Regards
  Murali

  > Thank you very much for providing me the link. But the document on link seem to be in German. Can you please let me know how to get English version of this document.
  I'm sorry, you'd have to ask Realtech for that document in English.
  Basically you can follow
  http://osdir.com/ml/encryption.kerberos.general/2004-11/msg00007.html
  Markus

• ACS Express integration with Active Directory

  Hello,
  I have ACS Express version 5.0.1 installed on Cisco ADE; I'm trying to get it integreated with an Active Directory without sucess.
  I did packet captures on the ASA that is in between and I can see communication going thru just fine. I ran a diagnostic on the ACS express and got this:
  DIAGNOSTIC USING THE IP ADDRESS OF THE DOMAIN CONTROLLER:
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Tabla normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin:0cm;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  Output of AD Domain Diagnostics:
  IP Diagnostics
  Local host name: he-zfm-acs-01
  Local IP Address: 172.31.67.10
  Not found in DNS!Make sure it is in Reverse Lookup Zone.
  FQDN host name:he-zfm-acs-01.clarocr.americamovil.ca1
  Domain Diagnostics:
  Domain: 172.24.2.93
  Subnet site:
  WARNING! Unable to locate computer's subnet site in Active Directory.
  Ask your Active Directory administrator to add this computer's subnet
  to the appropriate site.
  DNS query for: _ldap._tcp.172.24.2.93
  Found no SRV records!
  Computer Account Diagnostics
  Not joined to any domain
  AD Agent Process Status: Not joined to any domain
  DIAGNOSTIC USING THE AD REALM:
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Tabla normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
  mso-para-margin:0cm;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  Output of AD Domain Diagnostics:
  IP Diagnostics
  Local host name: he-zfm-acs-01
  Local IP Address: 172.31.67.10
  FQDN host name:he-zfm-acs-02.clarocr.americamovil.ca1
  Domain Diagnostics:
  Domain: CLAROCR.AMERICAMOVIL.CA1
  Subnet site: TELECOM
  DNS query for: _ldap._tcp.CLAROCR.AMERICAMOVIL.CA1
  Found SRV records:
  rom-pro-dc-03.clarocr.americamovil.ca1:389
  Testing Active Directory connectivity:
  Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1
  ldap: 389/tcp - good
  ldap: 389/udp - good
  smb: 445/tcp - good
  kdc: 88/tcp - good
  kpasswd: 464/tcp - good
  ntp: 123/udp - good
  Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:389
  Domain controller type: Windows 2003
  Domain Name: CLAROCR.AMERICAMOVIL.CA1
  isGlobalCatalogReady: TRUE
  domainFunctionality:
  forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
  domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
  Forest Name: AMERICAMOVIL.CA1
  DNS query for: _gc._tcp.AMERICAMOVIL.CA1
  Testing Active Directory connectivity:
  Global Catalog: rom-des-dc-01.desa1sv.americamovil.ca1
  gc: 3268/tcp - timeout
  No TCP LDAP response, giving up on rom-des-dc-01.desa1sv.americamovil.ca1
  Global Catalog: rom-amv-dc-02.americamovil.ca1
  gc: 3268/tcp - good
  Global Catalog: rom-tlc-dc-01.telecom.americamovil.ca1
  gc: 3268/tcp - good
  Global Catalog: rom-pro-dc-03.clarocr.americamovil.ca1
  gc: 3268/tcp - good
  Global Catalog: rom-tlc-dc-02.telecom.americamovil.ca1
  gc: 3268/tcp - good
  Global Catalog: rom-amv-dc-01.americamovil.ca1
  gc: 3268/tcp - good
  Domain Controller: rom-amv-dc-02.americamovil.ca1:3268
  Domain controller type: Windows 2003
  Domain Name: AMERICAMOVIL.CA1
  isGlobalCatalogReady: TRUE
  domainFunctionality:
  forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
  domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
  Domain Controller: rom-tlc-dc-01.telecom.americamovil.ca1:3268
  Domain controller type: Windows 2003
  Domain Name: TELECOM.AMERICAMOVIL.CA1
  isGlobalCatalogReady: TRUE
  domainFunctionality:
  forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
  domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
  Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:3268
  Domain controller type: Windows 2003
  Domain Name: CLAROCR.AMERICAMOVIL.CA1
  isGlobalCatalogReady: TRUE
  domainFunctionality:
  forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
  domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
  Domain Controller: rom-tlc-dc-02.telecom.americamovil.ca1:3268
  Domain controller type: Windows 2003
  Domain Name: TELECOM.AMERICAMOVIL.CA1
  isGlobalCatalogReady: TRUE
  domainFunctionality:
  forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
  domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
  Domain Controller: rom-amv-dc-01.americamovil.ca1:3268
  Domain controller type: Windows 2003
  Domain Name: AMERICAMOVIL.CA1
  isGlobalCatalogReady: TRUE
  domainFunctionality:
  forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
  domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
  Forest Name: AMERICAMOVIL.CA1
  Computer Account Diagnostics
  Not joined to any domain
  AD Agent Process Status: Not joined to any domain

  Dennis,
  TIme in sync on the ACS and AD servers?
  Faisal

• Storage Integration with Active Directory Services Part 2

  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;}
  Having your storage device join Active Directory Services can be relatively straightforward.  What do do if the JOIN button fails?  This demo goes through a basic checklist from network to server. Demo covers integration between the NSS2000/3000/4000/6000 platform and Microsoft ADS Server 2003.
  Part 1 - Network Overview
  Part 2 - NSS Configuration
  Part 3 - Connecting a share
  Part 4 - Server 2003 Administration
  Note: Some artistic license was used to make the test environment more easy to illustrate but the principles are the same in a live network.

  Hi Angus,
  Policy Server does not require a specific LDAP schema. During configuration you simply map the LDAP attributes of your schema to the ones that Policy Server supports (e.g., common name, email address, etc).
  If you are configuring Policy Server to use an LDAP, it will use the LDAP to authenticate the user (Policy Server does not store the password itself in this case).
  If passwords are stored outside of the LDAP (e.g., in a database), it is possible to write a custom authentication provider to authenticate against this source.
  Hope this helps,
  -Bill