RE: Microsoft Active Directory security concerns

Hi Jason,

I am very delighted by your message because I was doing research on this
subject for the past few months. I came to the conclusion that I have to use
AD for the internal users and ADAM for the external users, but now the
implementation seems a bit tricky.

I need IIS to authenticate the users, how will IIS know when to look in AD
and when to look in ADAM? Does this have anything to do with proxy
redirection from ADAM to AD or do you have to synchronise all users to ADAM
and then somehow make IIS look solely at ADAM for authenticating both the
internal and external users?

Does this solution mean development of software where the software first
tries AD and if it is failing then go to ADAM for the authentication?

Does anyone have some direction where I can read more about this? I cannot
find resources dealing directly with this issues.


View this message in context:
Sent from the Security Basics forum at

This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and
practice to master. We can't teach you to hack. But we can teach you
what we've learned so far. Our courses are honest, real, technical
and practical. SensePost willl be at Black Hat Vegas in July. To see
what we're about, visit us at:

Relevant Pages

  • Re: ADAM
    ... If you need logon auditing, then ADAM can do this, although it will go into ... Security log, not IIS log. ... >>You can not use ADAM for IIS authentication, ...
  • Re: ADAM wirh SSL
    ... Resource kit to generate the self-signed cert I'm using. ... The cert works perfectly with IIS as well, so I know it *can* work. ... used this same procedure on a previous XP install with ADAM and IIS and it ... No suitable default server credential exists on this system. ...
  • Re: ADAM making a call from 2000 server instead of 2003
    ... In IIS 6, the process identity is defined by the app pool identity. ... have any permissions in a remote ADAM as it isn't even a domain account. ... the settings - in this case it is checkng the repository to make sure the ... between iis and adam on the 2000 server. ...
  • Re: ADAM
    ... therefore they did this special-case tweak that produces an event in IIS ... ADAM, a product which is not at all related to SiteServer, does not ... Site Server's LDAP services put the user> name in the IIS log as the CS_username variable. ... >>>>exactly do you use ADAM to do authentication? ...
  • RE: Microsoft Active Directory security concerns
    ... with just vanilla MS tools (IIS, AD, ADAM) at your disposal. ... deploying Policy Enforcement Points at appropriate locations e.g. ... IIS or Apache. ... Having the PDPs return policy access & authentication decisions (allow, ...