Solved

HELP Intranet Access using AD user Account matching ADLDS User Proxy

Posted on 2013-10-22
1
464 Views
Last Modified: 2013-11-03
Hello,

I'm working on a project which consist of accessing Intranet with Active directory user account which matches ADLDS UserProxy object.

Project Description

1- The goal is ADLDS will hold unique users comming from different forest after it's been provisionned by FIM 2010.

2- Users will keep there Login and access Intranet without the  need to  use there credential
After they log on they just have to click  Internet Explorer and  taaaddddaaaa!!!!

Scenario:

1- FIM provision ADLDS with UserProxy accounts with a cn that  looks like <Firstname>.Lastname> example: Jhon.cooper

2- Jhon AD Samaccount looks like <First letter of the first name><Lastname> Example: jcooper

3- jhon UserProxy object is bind to his AD account

Issue

1 - When Jhon authenticate to AD with his AD account (jcooper) he can not acces the intranet

2 - When i create  an AD user account for jhon with the login that's looks like <Jhon.cooper> (Same as the UserProxy object cn in ADLDS)
Jhon can acces Intranet successfully!!!!!

3 - Obviousely Jhon can't autheticate on AD with his ADLDS cn (This is normal) and the goal is the user keep there actual AD login to access Intranet

Question

I don't understand why with formal user AD account they can't access Intranet but when recreating another user account which match the ADLDS userproxy cn it works fine ????

NB: For testing reason we've exported all AD forest from Production environment in to a testing lab environment.

Thank You
0
Comment
Question by:AMATERASOU
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 10

Accepted Solution

by:
ienaxxx earned 500 total points
ID: 39591073
probably the intranet application is checking on the wrong field.... is there some way you can log the query result in the application (i mean: there should be a part of the code looking for userproxy field, querying AD)

Another option is that FIM doesn't provision the userproxy field correctly...

as per read here, userproxy should be the "linkage" betw ADLDS and AD...
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question