Sync of AD DS to AD LDS
here`s my situation:
- We have ActiveDirectory domain called test.local
- We have an Internet Application called www.test.net
- We want this application to use our internal AD User-Accounts in a specified OU or Authentication and SingleSign On.
What I would do:
- Setup a Windows Server 2012 with AD LDS on the Internet
- Connect the web application to use that LDAP
Now my question:
Can I use ADAMSync from my internal DC to synchronize user data to the LDS Server on the internet?
Would it be possible that the AD LDS server recognizes password-changes?
I read sth. about UserProxy objects in AD LDS.
Do my suggestions nake sense, or isn`t it possible to sync an internal DC with an external AD LDS?
How do you implement SSO features?
Thanks in advance!
Roland
https://msdn.microsoft.com/en-us/library/bb897402.aspx
Will.
I read that AD FS needs the web application to be AD FS SSO ready.
My Web application has needs a LDAP-Directory to authenticate to.
Is it not possible to synch some users from my internal DC with ADAMSync to an external AD LDS? I would then user Proxy objects to have the passwords in synch.
Any other suggestion how to get SSO working for webapps that support LDAP as authentication provider?
what about if I create a new AD-Domain on an Internet site.
Is there a way to synchronize internal AD User from OU "xx" to the external ActiveDirectory?
What I need is an external LDAP directory that is periodically synced with an OU of my internal Active Directory.
Any suggestions?
I can not use any Web Application with AD FS?
AD FS is not an LDAP, correct?
I`m talking about an PHP-application called ILIAS elearning, that supports "LDAP", "CAS"and so on.
ADFS is not LDAP.
If the app does not support any of the protocols that ADFS supports and you are (understandably) unwilling to allow the app to authenticate against your internal domain controllers then you cannot have SSO at all. And if you want any sort of password syncing (which is not SSO), you'd need to invest in additional solutions such as forefront identity manager, configure PCNS, and define the custom data source. FIM is not free, nor is implementing PCSN in FIM a trivial task. If you aren't willing to spend TBe money purchasing FIM and learning how to implement a custom solution, you'll have to forego synced passwords as well.
You can use ADLDS as an LDAP back end for you app. But you can't have SSO or same passwords. Those are the requirements you seem to be getting stuck on.
Gain unlimited access to on-demand training courses with an Experts Exchange subscription.
Get AccessWhy Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
When asked, what has been your best career decision?
Deciding to stick with EE.
Being involved with EE helped me to grow personally and professionally.
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Join our community and discover your potential
Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.
*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.