Solved

HELP Intranet Access using AD user Account matching ADLDS User Proxy

Posted on 2013-10-22
1
461 Views
Last Modified: 2013-11-03
Hello,

I'm working on a project which consist of accessing Intranet with Active directory user account which matches ADLDS UserProxy object.

Project Description

1- The goal is ADLDS will hold unique users comming from different forest after it's been provisionned by FIM 2010.

2- Users will keep there Login and access Intranet without the  need to  use there credential
After they log on they just have to click  Internet Explorer and  taaaddddaaaa!!!!

Scenario:

1- FIM provision ADLDS with UserProxy accounts with a cn that  looks like <Firstname>.Lastname> example: Jhon.cooper

2- Jhon AD Samaccount looks like <First letter of the first name><Lastname> Example: jcooper

3- jhon UserProxy object is bind to his AD account

Issue

1 - When Jhon authenticate to AD with his AD account (jcooper) he can not acces the intranet

2 - When i create  an AD user account for jhon with the login that's looks like <Jhon.cooper> (Same as the UserProxy object cn in ADLDS)
Jhon can acces Intranet successfully!!!!!

3 - Obviousely Jhon can't autheticate on AD with his ADLDS cn (This is normal) and the goal is the user keep there actual AD login to access Intranet

Question

I don't understand why with formal user AD account they can't access Intranet but when recreating another user account which match the ADLDS userproxy cn it works fine ????

NB: For testing reason we've exported all AD forest from Production environment in to a testing lab environment.

Thank You
0
Comment
Question by:AMATERASOU
1 Comment
 
LVL 10

Accepted Solution

by:
ienaxxx earned 500 total points
ID: 39591073
probably the intranet application is checking on the wrong field.... is there some way you can log the query result in the application (i mean: there should be a part of the code looking for userproxy field, querying AD)

Another option is that FIM doesn't provision the userproxy field correctly...

as per read here, userproxy should be the "linkage" betw ADLDS and AD...
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question