Re: AzMan with 2000 mixed DC
From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 04/30/05
- Previous message: Roger Abell: "Re: Authenticating user's join domain credentials ? --- win32 api ???"
- In reply to: richlm: "AzMan with 2000 mixed DC"
Date: Fri, 29 Apr 2005 19:07:48 -0700
First, I do not know.
Second, I am guessing that would not work.
One of the reasons W2k3 domain and forest functional levels
are required is to enable use of Kerberos constrained delegation.
From what I am hearing, you would have the AzMan app over in
a different forest, and while identities flowing in over the trust
from the now existing forest could be used in the web app, I am
thinking there would be issues when you went to flow the credentials
the roles map to back over the trust.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA

"richlm" <richlm@nospam.nospam> wrote in message
news:e0w$S7%23SFHA.2996@TK2MSFTNGP15.phx.gbl...
> We are deploying an application which uses AzMan, with the store in AD, and
> have just discovered that it won't work with the production DC which is
> Windows 2000 in "mixed" mode.
>
> For AzMan to work it has to be a Windows 2003 "native" mode which is not
> possible as there are Unix machines in the domain.
>
> We need to preserve the windows authentication capabilities in AzMan,
> against users and groups in the existing (windows 2000 mixed) domain.
>
> Would a separate Win2003 domain with trust relationship to the primary
> domain be a solution? If so would users need to be replicated to the Win2003
> DC?
> Can anyone suggest other alternatives?