Can we perform changes in LDAP - Windows 2008 Server

Question added by Mazher Ahmed, IT Head, Group Five Pipe Saudi
Date posted: 2015/04/09
by Francis Xavier, SENIOR CUSTOMER CARE ENGINEER, Aspect Software

Lightweight Directory Access Protocol is an interface used to read from and write to the Active Directory database. Therefore, your Active Directory Administration tools (i.e. AD Users and Computers, AD Sites and Services, etc.) as well as third-party tools are often going to use LDAP to bind to the database in order to manage your domain. As you can imagine, we rely on Windows security to authorize what users can do when accessing this important database. Access to this database is controlled by the Directory System Agent (DSA), which is represented by Ntdsa.dll on a domain controller. Ntdsa.dll runs as a part of the Local Security Authority (LSA), which runs as Lsass.exe.

The process of granting access is a two-step process: Authentication and Authorization. This blog post will focus on the Authentication portion (verifying the user’s identity). If you would like to learn more about the Authorization process, please read my post on security tokens. Objects in the Active Directory database conform to the same rules as other Windows objects. They have permissions and privileges that govern what the authenticated user can do.

I use the LDP.EXE utility in Windows to reproduce all of the scenarios that follow. This tool is a client GUI to connect, bind and administrate Active Directory. You also want to download Network Monitor if you are troubleshooting an LDAP problem or want to follow along in your own network traces.

More info can be found here (http://www.windowsnetworking.com/articles-tutorials/windows-server-/Configuring-Active-Directory-Lightweight-Directory-Service-Part3.html)