Link to home
Start Free TrialLog in
Avatar of jcaballero73
jcaballero73

asked on

Add users to AD for authentication, but not for computer access

I am in a network setting where we use Win 2k3 Sevrer w/ AD for the faculty and staff of our school.  The students are authenticated by an Open Directory Mac OS X server.  This is not a problem for us as the OS X server can host a STUDENT Doamin for our student windows clients.  However, there are times whne I want to use other products' LDAP features for authentication - often these products work better, or only, with AD.  (I like having the two networks segregated for seurity purposes.)  Thus there are times when it would be nice to have users in the AD who could not login to computers on the network.  That way, if my Content Filter, Print server, etc. was using LDAP for authentication from teh Win 2k3 AD sevrer the names and passwords would be there for authentication.  Is ths possible?  I liken this to creating distribution groups as opposed to security groups in AD.  (We need the Open Directory Mac OSX server to stay for purposes of management of the Apple workstations.  It is possible to have Open Directory look at AD for authentication while maintaining apple client management but this adds several layers of complexity and generally teh addition of an expensive product - we do not want to do this)

Any help with this is appreciated.
ASKER CERTIFIED SOLUTION
Avatar of TheCleaner
TheCleaner
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Netman66
Netman66
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial