I'm not too familiar with Active Directory, so I may be taking the wrong approach here...

I'd like to have my master Active Directory instance replicated to another instance on a continuous basis, with various attributes changed. For example, I may want the passwords changed for all users, set to something random in the replica copy.

Data movement will only be one way - always from the master to the replica. The replica should be identical to the master with the exception of the modified attributes.

What's a good way to do this?

I'd like to do this with multiple master ADs as well - the replica AD should contain the superset of users in all master ADs.

An alternative might be to layer something on top of my master ADs that performs the password/attribute changes on the fly. Is this possible/desirable?

+1  A: 

Can you provide any more information on what it is that you are trying to accomplish? That might provide some more insight into how best to solve the problem. Are you talking about replicating information between domains within the same forest? Or are you talking about replicating across forests?

You might take a look at some of the MIIS documentation and see if that would work for what you have in mind.

Skrymsli
I'm not sure about forests. My first goal is something like this: I'd like to allow authentication without passwords for a particular application. This app uses AD, so I'd like to create an AD instance that allows passwordless login. I'm looking at anonymous bind, which might work, but the other idea is to replicate from the master AD to the replica AD, but set all the passwords in the replica to a known value (e.g. "password").
Parand