Solved

HELP Intranet Access using AD user Account matching ADLDS User Proxy

Posted on 2013-10-22
Last Modified: 2013-11-03
Hello,

I'm working on a project which consists of accessing the intranet with an Active Directory user account which matches an ADLDS UserProxy object.

Project Description

1- The goal is that ADLDS will hold unique users coming from different forests after it's been provisioned by FIM 2010.

2- Users will keep their login and access the intranet without the need to use their credentials.
After they log on they just have to click Internet Explorer and taaaddddaaaa!!!!

Scenario:

1- FIM provisions ADLDS with UserProxy accounts with a cn that looks like <Firstname>.<Lastname>, example: Jhon.cooper

2- Jhon's AD Samaccount looks like <First letter of the first name><Lastname>, example: jcooper

3- Jhon's UserProxy object is bound to his AD account

Issue

1 - When Jhon authenticates to AD with his AD account (jcooper) he cannot access the intranet

2 - When I create an AD user account for Jhon with a login that looks like <Jhon.cooper> (same as the UserProxy object cn in ADLDS),
Jhon can access the intranet successfully!!!!!

3 - Obviously Jhon can't authenticate on AD with his ADLDS cn (this is normal), and the goal is that users keep their actual AD login to access the intranet

Question

I don't understand why users can't access the intranet with their formal AD user account, but when recreating another user account which matches the ADLDS userproxy cn it works fine ????

NB: For testing reasons we've exported all AD forest from the production environment into a testing lab environment.

Thank You
Question by:AMATERASOU
Accepted Solution

by:
ienaxxx earned 1500 total points
ID: 39591073
Probably the intranet application is checking on the wrong field... Is there some way you can log the query result in the application? (I mean: there should be a part of the code looking for the userproxy field, querying AD.)

Another option is that FIM doesn't provision the userproxy field correctly...

As read here, userproxy should be the "linkage" between ADLDS and AD...
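
Added example, not part of the reply above and not code from the poster's environment: one way to tell the two suggested causes apart is to compare the `objectSid` of the userProxy object in AD LDS (the attribute AD LDS uses for bind redirection) with the SID of the AD account, using LDIF exports of both objects. The SID, the DNs and the function names are constructed for illustration.

```python
import base64
import struct

def sid_to_bytes(sid: str) -> bytes:
    """Pack 'S-1-5-21-...' into the binary layout stored in objectSid."""
    parts = sid.split("-")
    rev, auth, subs = int(parts[1]), int(parts[2]), [int(p) for p in parts[3:]]
    header = struct.pack("BB", rev, len(subs)) + auth.to_bytes(6, "big")
    return header + b"".join(struct.pack("<I", s) for s in subs)

def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary objectSid into its string form."""
    rev, count = raw[0], raw[1]
    auth = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:8 + 4 * count])
    return "-".join(["S", str(rev), str(auth)] + [str(s) for s in subs])

def parse_ldif_entry(text: str) -> dict:
    """Parse one LDIF entry; 'attr:: value' is base64 (line folding not handled)."""
    entry = {}
    for line in text.strip().splitlines():
        name, _, value = line.partition(":")
        if value.startswith(":"):
            entry[name] = base64.b64decode(value[1:].strip())
        else:
            entry[name] = value.strip()
    return entry

def check_link(proxy_ldif: str, user_ldif: str) -> dict:
    """Compare a userProxy export (AD LDS) with a user export (AD)."""
    proxy, user = parse_ldif_entry(proxy_ldif), parse_ldif_entry(user_ldif)
    return {
        "proxy_sid": bytes_to_sid(proxy["objectSid"]),
        # False here means the proxy points at a different or no AD account.
        "sid_match": proxy["objectSid"] == user["objectSid"],
        # Only relevant if the application compares names instead of SIDs.
        "name_match": proxy["cn"].lower() == user["sAMAccountName"].lower(),
    }

# Constructed sample data mirroring the scenario in the question.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
B64 = base64.b64encode(sid_to_bytes(SID)).decode()
PROXY = f"dn: CN=Jhon.cooper,OU=Users,O=Intranet\ncn: Jhon.cooper\nobjectSid:: {B64}"
USER = (f"dn: CN=Jhon Cooper,CN=Users,DC=lab,DC=example\n"
        f"sAMAccountName: jcooper\nobjectSid:: {B64}")

if __name__ == "__main__":
    print(check_link(PROXY, USER))
```

If `sid_match` is false, the provisioning of the userProxy object is the place to look; if it is true while `name_match` is false and access still fails, the application's lookup is the likelier cause.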