Solved

HELP Intranet Access using AD user Account matching ADLDS User Proxy

Posted on 2013-10-22
Last Modified: 2013-11-03
Hello,

I'm working on a project which consists of accessing the intranet with an Active Directory user account which matches an ADLDS UserProxy object.

Project Description

1- The goal is that ADLDS will hold unique users coming from different forests after it's been provisioned by FIM 2010.

2- Users will keep their login and access the intranet without the need to use their credentials.
After they log on they just have to click Internet Explorer and taaaddddaaaa!!!!

Scenario:

1- FIM provisions ADLDS with UserProxy accounts with a cn that looks like <Firstname>.<Lastname>, example: Jhon.cooper

2- Jhon's AD Samaccount looks like <First letter of the first name><Lastname>, example: jcooper

3- Jhon's UserProxy object is bound to his AD account

Issue

1 - When Jhon authenticates to AD with his AD account (jcooper) he cannot access the intranet

2 - When I create an AD user account for Jhon with a login that looks like <Jhon.cooper> (same as the UserProxy object cn in ADLDS),
Jhon can access the intranet successfully!!!!!

3 - Obviously Jhon can't authenticate on AD with his ADLDS cn (this is normal) and the goal is that users keep their actual AD login to access the intranet

Question

I don't understand why with the formal AD user account they can't access the intranet, but when recreating another user account which matches the ADLDS userproxy cn it works fine ????

NB: For testing reasons we've exported all AD forests from the production environment into a testing lab environment.

Thank You
Question by:AMATERASOU
Accepted Solution

by: ienaxxx earned 500 total points
ID: 39591073
Probably the intranet application is checking on the wrong field... Is there some way you can log the query result in the application? (I mean: there should be a part of the code looking for the userproxy field, querying AD.)

Another option is that FIM doesn't provision the userproxy field correctly...

As per what I read here, userproxy should be the "linkage" between ADLDS and AD...
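
One way to check the linkage mentioned in the answer, as an added example that is not part of the original thread: a userProxy object is tied to its AD account by `objectSid`, not by name, so this script resolves the AD login to a SID and looks for the proxy carrying that SID. The LDS endpoint and partition DN are placeholder values, and `jcooper` is the login from the question.

```powershell
# Added example (not from the thread): verify that a userProxy object in
# AD LDS is linked to the expected AD account. Needs the ActiveDirectory
# module (RSAT). $LdsServer and $LdsPartition are assumed placeholder values.
Import-Module ActiveDirectory

$SamAccountName = 'jcooper'                       # AD login from the question
$LdsServer      = 'localhost:50000'               # assumed LDS host:port
$LdsPartition   = 'CN=Users,DC=intranet,DC=lab'   # assumed LDS partition DN

# objectSid may come back as a SecurityIdentifier or as raw bytes;
# normalise both to the S-1-... string form before comparing.
function ConvertTo-SidString($Value) {
    if ($Value -is [byte[]]) {
        return (New-Object System.Security.Principal.SecurityIdentifier($Value, 0)).Value
    }
    return "$Value"
}

# 1. Resolve the AD login to its SID.
$adUser = Get-ADUser -Identity $SamAccountName
$adSid  = $adUser.SID.Value

# 2. Read every userProxy object in the LDS partition with its objectSid.
$proxies = Get-ADObject -Server $LdsServer -SearchBase $LdsPartition `
    -LDAPFilter '(objectClass=userProxy)' -Properties cn, objectSid

# 3. Match on SID, never on cn or sAMAccountName.
$linked = @($proxies | Where-Object { (ConvertTo-SidString $_.objectSid) -eq $adSid })

if ($linked.Count -eq 0) {
    Write-Warning "No userProxy in $LdsPartition carries SID $adSid; provisioning did not link $SamAccountName."
} elseif ($linked.Count -gt 1) {
    Write-Warning "More than one userProxy carries SID ${adSid}:"
    $linked | Select-Object cn, DistinguishedName
} else {
    # Names may differ (jcooper vs Jhon.cooper) while the SID link is intact.
    [pscustomobject]@{
        AdLogin   = $adUser.SamAccountName
        AdSid     = $adSid
        ProxyCn   = $linked[0].cn
        ProxyDn   = $linked[0].DistinguishedName
        NameMatch = ($linked[0].cn -eq $adUser.SamAccountName)
    }
}
```

If the SID link is intact but `NameMatch` is false, the application is most likely looking the user up in ADLDS by name rather than by SID.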