locked
Should Active Directory be a Domain Controller or in a different domain ? RRS feed

  • Question

  • MCSF uses Active Directory to store user details.

    1. But does it need to be in a different domain or a domain controller ?

    2. Can I just install AD and point MCSF to store users there ?

    Regards,
    Sachin

     

    Wednesday, September 27, 2006 4:03 AM

Answers

  • If you install AD, that will become a DC right :). Now it takes me to your first question, which I suggest you have different box for AD, and different box for CSF components, but they both should be in the same domain.

    Can you use an existing domain that you built? absolutely yes, as along as you are domain admin.

    HTH

    Tilak

    Wednesday, September 27, 2006 11:32 PM
  • Hi Sachin and Tilak,

    Thanks for your notes - please also note that the CSF Identity Manager component can not be installed on the same server as Active Directory, because the Identity Manager component uses impersonation, and Active Directory does not permit processes to use impersonation on the same server.

    Many Thanks, Sachin and Tilak!!

    -Rob.

    Thursday, September 28, 2006 2:31 AM

All replies

  • If you install AD, that will become a DC right :). Now it takes me to your first question, which I suggest you have different box for AD, and different box for CSF components, but they both should be in the same domain.

    Can you use an existing domain that you built? absolutely yes, as along as you are domain admin.

    HTH

    Tilak

    Wednesday, September 27, 2006 11:32 PM
  • Hi Sachin and Tilak,

    Thanks for your notes - please also note that the CSF Identity Manager component can not be installed on the same server as Active Directory, because the Identity Manager component uses impersonation, and Active Directory does not permit processes to use impersonation on the same server.

    Many Thanks, Sachin and Tilak!!

    -Rob.

    Thursday, September 28, 2006 2:31 AM
  • Yes, but active directory can be installed without being a DC, right ? I mean, can it just not act as a ldap repository.
    Thursday, September 28, 2006 4:55 AM
  • I think you are talking about ADAM. That doesn't work with CSF.

    Active Directory Application Mode

    Active Directory Application Mode (ADAM) is a directory service designed to meet the needs of organizations that cannot rely solely on Active Directory to provide directory services for directory-enabled applications. While Active Directory offers many benefits for managing network infrastructure, organizations often need a more flexible directory service to support directory-enabled applications. ADAM is a Lightweight Directory Access Protocol (LDAP) directory service designed specifically for directory-enabled applications.

    http://technet2.microsoft.com/WindowsServer/en/library/05c4f979-41c0-40d7-8687-2549d214643e1033.mspx?mfr=true

    Thanks

    Thursday, September 28, 2006 5:59 PM