Add users to AD for authentication, but not for computer access

Posted on 2006-04-07
Last Modified: 2010-04-18
I am in a network setting where we use Win 2k3 Sevrer w/ AD for the faculty and staff of our school.  The students are authenticated by an Open Directory Mac OS X server.  This is not a problem for us as the OS X server can host a STUDENT Doamin for our student windows clients.  However, there are times whne I want to use other products' LDAP features for authentication - often these products work better, or only, with AD.  (I like having the two networks segregated for seurity purposes.)  Thus there are times when it would be nice to have users in the AD who could not login to computers on the network.  That way, if my Content Filter, Print server, etc. was using LDAP for authentication from teh Win 2k3 AD sevrer the names and passwords would be there for authentication.  Is ths possible?  I liken this to creating distribution groups as opposed to security groups in AD.  (We need the Open Directory Mac OSX server to stay for purposes of management of the Apple workstations.  It is possible to have Open Directory look at AD for authentication while maintaining apple client management but this adds several layers of complexity and generally teh addition of an expensive product - we do not want to do this)

Any help with this is appreciated.
Question by:jcaballero73
    LVL 23

    Accepted Solution

    I think you are going down the road of either Microsoft's RADIUS or a 3rd party like Funk (now Juniper) (steel-belted RADIUS).

    Or you could in a sense create a user ID in AD, and set the "log on to these workstations" and not list anything.

    LVL 51

    Assisted Solution


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Suggested Solutions

    So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
    Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    7 Experts available now in Live!

    Get 1:1 Help Now