RE: ADAM, AzMan question

From: Reza (
Date: 04/29/05

Date: Fri, 29 Apr 2005 13:04:04 -0700


 When you add a role definition it is actually a task with an attribute of
RoleDefinition="True". This is IsRoleDefinition property of IAzRole in fact.
Authorization Manager application of microsoft restricts us to create a role
first then put it in Role Assignments folder. This is actually not a must.
By APIs you can add a role to an application and you can see that role is in
Role Assignments folder without anything in Role Definition folder.


"Morten Overgaard" wrote:

> Hi Sirs.
> Sorry for the cross posting but I did not no in what group to put this
> question :-)
> Anybody knows if the following setup will work:
> Use ADAM (win2003 Server) as a policy store for AzMan where users/groups
> will be assigned from a Windows2003 AD?
> And another one
> It seems that "Role definitions" created in AzMan is stored in ADAM as
> "msDS-AzTask". Why??? and when a role has been assigned a windows user
> account it also appears as a "msDS-Az-Role" in ADAM. How come??
> Regards Morten.