Define ADAM user accounts

Define the following user accounts in ADAM. One is used for the instance to connect with and the other for ADAMSync.

Before you begin
Role required: admin

About this task
These accounts can be local ADAM User objects, UserProxy objects, or a Windows account from a trusted domain.

User Account
This account requires read-only access to the directory structure you are importing to your instance. The best way to accomplish this is to add the account to the member attribute on the Readers group found in cn=roles,dc=myCompany,dc=adam.

New ADAM User accounts are disabled by default. You will need to enable the new accounts and set a password.

Procedure
1. Enable users by changing the attribute msDS-UserAccountDisabled to FALSE.
2. Right-click the user object and reset the password.
3. Test the new accounts using LDP as defined in ADAM to make sure they can connect.
4. Use the LDAP > View/Tree option, leaving the Base DN blank to make sure you can view the objects in the directory using the new accounts. The Configuration, Schema, and the domain partition should be visible in the left pane.
5. Traverse the domain partition. If you are using a new local ADAM account, it will show ‘No Children’ which means you don’t have read access to the objects.
6. Verify the Setup group memberships and re-test.

ADAMSync User Account
ADAMSync uses this account to manage objects in the ADAM partition. This account requires admin level rights since it will create, update, and delete ADAM objects.

ADAMSync AD Account
ADAMSync uses this account to read the AD objects that will be synchronized to ADAM.
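The LDP test in the procedure above (blank Base DN, then traversing the domain partition) can also be scripted so the read-only account is checked the same way after every change. This PowerShell is an added example, not code from the original page or from the vendor; the host name, LDAPS on port 636 and the account DN cn=svc-import,cn=users,dc=myCompany,dc=adam are assumptions, and the Readers check assumes a local ADAM user whose DN is stored directly in the member attribute.

```powershell
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-AdamReadAccess {
    param(
        [Parameter(Mandatory)][securestring]$Password,
        [string]$Server    = 'adam01.example.com',   # hypothetical host
        [int]$Port         = 636,                    # assumes LDAPS is configured on the instance
        [string]$BindDn    = 'cn=svc-import,cn=users,dc=myCompany,dc=adam',  # hypothetical account
        [string]$Partition = 'dc=myCompany,dc=adam'
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier -ArgumentList $Server, $Port
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection -ArgumentList $id
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic   # simple bind with a DN
    $conn.Credential = New-Object System.Net.NetworkCredential -ArgumentList $BindDn, $Password
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = $true   # a simple bind carries the password, so use TLS
    $conn.Bind()   # throws if the account is still disabled or the password is wrong

    # Search helper: returns the matching entries, or nothing if the server refuses the base DN.
    $find = {
        param([string]$Base, [string]$Scope, [string]$Attr)
        $ctorArgs = $Base, '(objectClass=*)',
                    ([System.DirectoryServices.Protocols.SearchScope]$Scope), ([string[]]@($Attr))
        $req = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $ctorArgs
        try   { @($conn.SendRequest($req).Entries) }
        catch [System.DirectoryServices.Protocols.DirectoryOperationException] { }  # e.g. noSuchObject
    }

    # Blank Base DN = rootDSE; lists the Configuration, Schema and domain partitions.
    $root     = @(& $find '' 'Base' 'namingContexts')
    $contexts = @($root[0].Attributes['namingContexts'].GetValues([string]))

    # One level under the domain partition; zero entries is LDP's 'No Children'.
    $children = @(& $find $Partition 'OneLevel' '1.1')

    # Is the account listed in the member attribute of the Readers group?
    $group   = @(& $find "cn=Readers,cn=roles,$Partition" 'Base' 'member')
    $members = @()
    if ($group.Count -and $group[0].Attributes.Contains('member')) {
        $members = @($group[0].Attributes['member'].GetValues([string]))
    }
    $conn.Dispose()

    [pscustomobject]@{
        NamingContexts = $contexts
        ChildCount     = $children.Count
        InReaders      = ($members -contains $BindDn)   # case-insensitive DN match
        CanRead        = ($children.Count -gt 0)
    }
}
# Usage: Test-AdamReadAccess -Password (Read-Host 'Password' -AsSecureString)
```

A result with CanRead false and InReaders false corresponds to the 'No Children' case in the procedure: fix the group membership and run the check again.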