
Windows Server Forum / Windows Server 2003 / Active Directory / July 2005


ADAM and samAccountName

Mohammad - 29 Jul 2005 17:55 GMT
I am trying to recreate my AD in ADAM. I have been successful so far until I
started to import my groups through ldifde. It does not seem to like
samAccountName. Looking at the schema, it does not appear I have
samAccountName.
Should I add this? What issues will I have? Did I miss something in the
install?
Why isn't samAccountName in the schema? Isn't this an LDAP standard?

Any help would be appreciated.
Lee Flight - 29 Jul 2005 20:18 GMT
Hi

inline below...

> I am trying to recreate my AD in ADAM. I have been successful so far until I
> started to import my groups through ldifde. It does not seem to like
> samAccountName. Looking at the schema, it does not appear I have
> samAccountName.
> Should I add this ? What issues will I have ?

It depends on what you are planning to use the data in ADAM for.
If you have an application that will need the sAMAccountName
then you will need to import it, if not you could just not import
it at all (filter it from your import).

> Did I miss something in the
> install ?
> why isn't samAccountName in the schema ?

The default ADAM schema is fairly minimal, sAMAccountName
is not something that would be useful in most straight LDAP
directories. Of course if your application needs it you can make your
own schema extension to define the attribute.

>Isn't this a LDAP standard ?

No, it's very much an attribute added to AD to support (legacy)
Microsoft authentication mechanisms.

Lee Flight
Mohammad - 29 Jul 2005 20:48 GMT
Thank you Lee.

So judging by your response, I should stop relying on samAccountName and use
userPrincipalName? Currently all our we consider samAccountName as the
userName and use it to perform userName searches.
What is the replacement of samAccountName?

Would aNR be a better search criterion?

> Hi
>
[quoted text clipped - 27 lines]
>
> Lee Flight
Lee Flight - 29 Jul 2005 22:41 GMT
Hi

It really depends on what applications that access ADAM are expecting
to see. If you have in-house applications that are going to search on
sAMAccountName then you will need to add it. If you are copying this
data to ADAM as some kind of whitepages directory then, again,
you need to know what the client applications are going to be using
in their LDAP query. You need to look at all the likely client applications
and decide what searches you will support.

There's nothing inherently wrong with using sAMAccountName
but you need to consider its usefulness to your applications
and its scope, e.g. if you start cataloging multiple domains into
your ADAM naming context sAMAccountName might no longer
have the uniqueness that your AD clients in any given domain
make use of. userPrincipalName probably fares better on scope.

On ANR, it can be very useful but again if your client applications
have hardcoded queries you will need to decide which attributes
to add to your ANR set (as ever you will want to index any attributes
you add to that set).

Lee Flight

> Thank you Lee.
>
[quoted text clipped - 38 lines]
>>
>> Lee Flight
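
Added example, not part of the thread: a sketch of the two checks Lee describes, filtering sAMAccountName out of an LDIF export before importing it into ADAM, and finding sAMAccountName values that stop being unique once several domains are merged into one naming context. It assumes add-style LDIF records as exported by ldifde; the function names, sample entries and domain names are constructed for illustration.

```python
import base64
import re
from collections import defaultdict

# Constructed sample (placeholder domains): one folded line, one base64 ("::") value.
SAMPLE = """\
dn: CN=Sales,OU=Groups,DC=east,DC=example,DC=com
objectClass: group
sAMAccountName: sales
description: Folded value that continues
  on the next line

dn: CN=Sales,OU=Groups,DC=west,DC=example,DC=com
objectClass: group
sAMAccountName:: U2FsZXM=
"""

def parse_ldif(text):
    """Yield records as lists of (lowercased attribute name, unfolded line)."""
    lines = re.sub(r"\r?\n ", "", text).splitlines()  # undo RFC 2849 line folding
    record = []
    for line in lines + [""]:                         # trailing "" flushes the last record
        if line.strip():
            if not line.startswith("#"):              # skip comments without splitting a record
                record.append((line.partition(":")[0].strip().lower(), line))
        elif record:
            yield record
            record = []

def value(line):
    """Return the text value of an attribute line, decoding 'attr:: base64' values."""
    rest = line.partition(":")[2]
    return base64.b64decode(rest[1:]).decode() if rest.startswith(":") else rest.strip()

def strip_attrs(text, drop=("sAMAccountName",)):
    """Re-emit the LDIF without the named attributes (lines come out unfolded)."""
    drop = {a.lower() for a in drop}
    recs = ("\n".join(l for a, l in rec if a not in drop) for rec in parse_ldif(text))
    return "\n\n".join(recs) + "\n"

def find_collisions(text):
    """Map each sAMAccountName shared by several entries to the DNs that use it."""
    seen = defaultdict(list)
    for rec in parse_ldif(text):
        attrs = dict(rec)                             # dn and sAMAccountName are single-valued
        if "samaccountname" in attrs and "dn" in attrs:
            seen[value(attrs["samaccountname"]).lower()].append(value(attrs["dn"]))
    return {name: dns for name, dns in seen.items() if len(dns) > 1}
```

Names are compared case-insensitively, so `sales` and the base64-encoded `Sales` from the two sample domains are reported as one collision.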