Discussion:
Using PCNS between forests
(too old to reply)
Nitzan
2007-07-24 14:44:04 UTC
Permalink
Hello,

I have a scenario in which the MIIS server is in one domain. I would like to
sync passwords from other domains to the MIIS.
After reading the step by step guide i saw that this requiers forest trust -
which is not a posibilty for me.

I would like to know if there is any way to workaround the trust?

Thanks,

Nitzan Bar
Tomasz Onyszko
2007-07-24 16:34:09 UTC
Permalink
Post by Nitzan
Hello,
I have a scenario in which the MIIS server is in one domain. I would like to
sync passwords from other domains to the MIIS.
After reading the step by step guide i saw that this requiers forest trust -
which is not a posibilty for me.
I would like to know if there is any way to workaround the trust?
Read carefully
http://technet2.microsoft.com/ILM/en/library/839a9291-a78f-4959-8e6a-3bf68bf627001033.mspx?mfr=true

(...)
You can synchronize passwords one way between forests without trust if
MIIS 2003 and PCNS are in the same forest. For example, if you want to
install both PCNS and MIIS 2003 in Forest A, and you want to configure
them to synchronize passwords to Forest B; the credentials in the MIIS
2003 management agent for Forest B will provide the necessary
authentication without the trust requirement.
(...)
--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
Nitzan
2007-07-24 17:28:11 UTC
Permalink
Thanks but I am afriad I can't do that.
I have a couple of domains and I want them all to be the sources for my
metaverse.
I wan't to put PCNS on these domains and MIIS will be installed on a
different domain.
Is there a solution for this?

Thanks,

Nitzan Bar
Post by Tomasz Onyszko
Post by Nitzan
Hello,
I have a scenario in which the MIIS server is in one domain. I would like to
sync passwords from other domains to the MIIS.
After reading the step by step guide i saw that this requiers forest trust -
which is not a posibilty for me.
I would like to know if there is any way to workaround the trust?
Read carefully
http://technet2.microsoft.com/ILM/en/library/839a9291-a78f-4959-8e6a-3bf68bf627001033.mspx?mfr=true
(...)
You can synchronize passwords one way between forests without trust if
MIIS 2003 and PCNS are in the same forest. For example, if you want to
install both PCNS and MIIS 2003 in Forest A, and you want to configure
them to synchronize passwords to Forest B; the credentials in the MIIS
2003 management agent for Forest B will provide the necessary
authentication without the trust requirement.
(...)
--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
Tomasz Onyszko
2007-07-24 17:33:09 UTC
Permalink
This post might be inappropriate. Click to display it.
Nitzan
2007-07-24 17:46:04 UTC
Permalink
Thanks agian.

No. Each Domain will contribute it's own users (I added using rule
extentions identifier to the account name and DN) and I want to create a
single active directory wit all the users. I would like users to be able to
change passwords in their original domain and I want PCNS to sync these
changes to the central AD.

Any Ideas?

Thanks,

Nitzan Bar
Post by Tomasz Onyszko
Post by Nitzan
Thanks but I am afriad I can't do that.
I have a couple of domains and I want them all to be the sources for my
metaverse.
I wan't to put PCNS on these domains and MIIS will be installed on a
different domain.
Is there a solution for this?
So ... do You want to have multiple password sources? Are You aware
that You can't control from which source password will be pushed to
which target? What is the purpose of password synchronization with
multiple sources?
Multiple MIIS instances can be used here.
--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
Michael D'Angelo
2007-07-24 18:37:35 UTC
Permalink
If forest trusts are not an option, then the only other thing you can do is
set up an MIIS server in each source domain.
Post by Nitzan
Thanks agian.
No. Each Domain will contribute it's own users (I added using rule
extentions identifier to the account name and DN) and I want to create a
single active directory wit all the users. I would like users to be able to
change passwords in their original domain and I want PCNS to sync these
changes to the central AD.
Any Ideas?
Thanks,
Nitzan Bar
Post by Tomasz Onyszko
Post by Nitzan
Thanks but I am afriad I can't do that.
I have a couple of domains and I want them all to be the sources for my
metaverse.
I wan't to put PCNS on these domains and MIIS will be installed on a
different domain.
Is there a solution for this?
So ... do You want to have multiple password sources? Are You aware
that You can't control from which source password will be pushed to
which target? What is the purpose of password synchronization with
multiple sources?
Multiple MIIS instances can be used here.
--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
Tomasz Onyszko
2007-07-24 19:08:05 UTC
Permalink
Post by Michael D'Angelo
If forest trusts are not an option, then the only other thing you can do is
set up an MIIS server in each source domain.
In fact, if he want's to only synchronize password with AD domain it can
be IIFP in each domain which will not require full blown MIIS license
--
Tomasz Onyszko
http://www.w2k.pl/ - (PL)
http://blogs.dirteam.com/blogs/tomek/ - (EN)
Loading...