We have an application that will be connecting to our Active Directory for a couple of reasons:
i. Authenticating users via their AD username
ii. Checking certain attributes of users, e.g. their email address
iii. Checking group membership of users
The application itself has been developed by a third party vendor so I'm not entirely sure how it will work, but they will be testing with us in a few months. Our AD environment is actually a bit complex in that we utilise a resource forest for Exchange 2007 (RES) and also an authentication forest for user accounts (AUTH). The application may have to pull info from either forest.
I had some questions in the meantime to help me understand more about this:
1. For the checking of user attributes / checking group membership, should the application be making LDAP requests on port 389, or GC requests on port 3268?
2. For authentication, the app will have to pull password credentials from the AUTH forest. How would this work? I assume the actual user password is stored in a format that is not readable?
3. For authentication, what sort of query would the application be running against AD?
4. How is Kerberos/ NTLM involved here? And which one should we be using?
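As an added illustration (not part of the original post, and not the vendor's code), the following PowerShell script shows one way an application on a domain-joined Windows host could do the three things the question lists against the AUTH forest, using the .NET System.DirectoryServices APIs. The host names dc01.auth.example.com and auth.example.com, the group DN CN=AppUsers,OU=Groups,DC=auth,DC=example,DC=com and the function names are assumptions for the example. It covers the points the four questions raise: authentication is done by asking a domain controller to verify the password (the app never reads the stored hash), the bind uses Negotiate so Kerberos is tried first with NTLM as the fallback, attribute lookups go to the GC on 3268 because `mail` and `userPrincipalName` are in the GC partial attribute set, and nested group membership is resolved on 389 against the user's own domain. Because a GC only spans one forest, anything held in the RES forest would need a second search against a GC in that forest.

```powershell
# Added example for the question above (not from the original post or the vendor's app).
# Assumed names: dc01.auth.example.com, auth.example.com and the AppUsers group DN below.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$AuthDomainDns = 'auth.example.com'                                 # assumed: AUTH forest root domain
$AuthDc        = 'dc01.auth.example.com'                            # assumed: a DC that is also a GC
$AuthDomainDn  = 'DC=auth,DC=example,DC=com'                        # assumed: domain naming context
$AppGroupDn    = 'CN=AppUsers,OU=Groups,DC=auth,DC=example,DC=com'  # assumed: group the app checks

# Escape user-controlled values before interpolating them into an LDAP filter (RFC 4515),
# otherwise a username such as "*)(objectClass=*" turns the lookup into an LDAP injection.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    return ($Value -replace '\\', '\5c' -replace '\*', '\2a' `
                   -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00')
}

# Returns the first value of a multi-valued result property, or $null when it is absent.
function Get-FirstValue {
    param($Properties, [string]$Name)
    if ($Properties[$Name].Count -gt 0) { return [string]$Properties[$Name][0] }
    return $null
}

# 1) Authentication. The app submits username + password to a DC, which verifies them and
#    returns yes/no. ValidateCredentials binds with Negotiate (Kerberos where the DC can be
#    reached by name, NTLM otherwise) plus signing and sealing, so the password is not sent
#    in clear text. A plain LDAP simple bind on 389 would send it in clear; if the vendor
#    uses simple binds, insist on LDAPS (636/3269).
function Test-AdCredential {
    param([string]$SamAccountName, [string]$Password)
    $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
        [System.DirectoryServices.AccountManagement.ContextType]::Domain, $AuthDomainDns)
    try   { return $ctx.ValidateCredentials($SamAccountName, $Password) }
    finally { $ctx.Dispose() }
}

# 2) Attribute lookup. GC:// searches port 3268 and sees every domain in the forest, but
#    only attributes in the GC partial attribute set; mail and userPrincipalName are in it.
#    The bind uses the identity of the process running the script (the app's service account).
function Get-AdUserInfo {
    param([string]$SamAccountName)
    $root     = New-Object System.DirectoryServices.DirectoryEntry("GC://$AuthDc")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $escaped  = ConvertTo-LdapFilterValue $SamAccountName
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$escaped))"
    [void]$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'mail', 'userPrincipalName'))
    $result = $searcher.FindOne()
    if ($null -eq $result) { return $null }
    return [pscustomobject]@{
        DistinguishedName = Get-FirstValue $result.Properties 'distinguishedName'
        Mail              = Get-FirstValue $result.Properties 'mail'
        UserPrincipalName = Get-FirstValue $result.Properties 'userPrincipalName'
    }
}

# 3) Group membership, including nested groups, via LDAP_MATCHING_RULE_IN_CHAIN
#    (OID 1.2.840.113556.1.4.1941). This is done on port 389 against the user's own
#    domain, because memberOf on a GC is only complete for groups of the GC's own domain
#    (global and domain-local membership from other domains is not replicated to the GC).
function Test-AdGroupMember {
    param([string]$UserDn, [string]$GroupDn)
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://${AuthDc}:389/$AuthDomainDn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $u = ConvertTo-LdapFilterValue $UserDn
    $g = ConvertTo-LdapFilterValue $GroupDn
    $searcher.Filter = "(&(objectClass=user)(distinguishedName=$u)(memberOf:1.2.840.113556.1.4.1941:=$g))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    return ($null -ne $searcher.FindOne())
}

# Usage: prompt for the password rather than passing it on the command line (which would
# leave it in shell history and process listings).
$cred = Get-Credential -Message 'AUTH forest user to test'
$user = $cred.GetNetworkCredential().UserName
if (Test-AdCredential -SamAccountName $user -Password $cred.GetNetworkCredential().Password) {
    $info = Get-AdUserInfo -SamAccountName $user
    if ($null -eq $info) { Write-Warning "Authenticated but not found in the GC: $user"; return }
    "Authenticated $($info.UserPrincipalName), mail=$($info.Mail)"
    "Member of AppUsers (nested): $(Test-AdGroupMember -UserDn $info.DistinguishedName -GroupDn $AppGroupDn)"
} else {
    'Authentication failed (bad password, or account disabled, locked or expired).'
}
```

Two things to check when the vendor's app arrives: whether it authenticates with a Negotiate (Kerberos/NTLM) bind or with an LDAP simple bind, and if the latter, that it is only ever over LDAPS; and whether it resolves group membership from the GC alone, which silently misses global and domain-local groups outside the GC's own domain.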