[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

HELP Intranet Access using AD user Account matching ADLDS User Proxy

Posted on 2013-10-22
1
Medium Priority
?
471 Views
Last Modified: 2013-11-03
Hello,

I'm working on a project which consist of accessing Intranet with Active directory user account which matches ADLDS UserProxy object.

Project Description

1- The goal is ADLDS will hold unique users comming from different forest after it's been provisionned by FIM 2010.

2- Users will keep there Login and access Intranet without the  need to  use there credential
After they log on they just have to click  Internet Explorer and  taaaddddaaaa!!!!

Scenario:

1- FIM provision ADLDS with UserProxy accounts with a cn that  looks like <Firstname>.Lastname> example: Jhon.cooper

2- Jhon AD Samaccount looks like <First letter of the first name><Lastname> Example: jcooper

3- jhon UserProxy object is bind to his AD account

Issue

1 - When Jhon authenticate to AD with his AD account (jcooper) he can not acces the intranet

2 - When i create  an AD user account for jhon with the login that's looks like <Jhon.cooper> (Same as the UserProxy object cn in ADLDS)
Jhon can acces Intranet successfully!!!!!

3 - Obviousely Jhon can't autheticate on AD with his ADLDS cn (This is normal) and the goal is the user keep there actual AD login to access Intranet

Question

I don't understand why with formal user AD account they can't access Intranet but when recreating another user account which match the ADLDS userproxy cn it works fine ????

NB: For testing reason we've exported all AD forest from Production environment in to a testing lab environment.

Thank You
0
Comment
Question by:AMATERASOU
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 10

Accepted Solution

by:
ienaxxx earned 1500 total points
ID: 39591073
probably the intranet application is checking on the wrong field.... is there some way you can log the query result in the application (i mean: there should be a part of the code looking for userproxy field, querying AD)

Another option is that FIM doesn't provision the userproxy field correctly...

as per read here, userproxy should be the "linkage" betw ADLDS and AD...
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question