AD Authentication, ADAM personalization

Tim Osborn

I want to use AD for authentication, but store personalization info in
ADAM. I will create a user object in ADAM to hold custom info. That
object will have an attribute that holds the objectGuid from the
associated AD user. After authenticating against AD, I want to use the
objectGuid to look up the associated ADAM user to get the
personalization info.

The recommendation is to use an indexed attribute in the ADAM object
to hold the objectGuid. How do I locate/create/ensure that the
attribute on my custom ADAM user is indexed?

Once AD authentication succeeds, how do I programmatically locate
(e.g. using System.DirectoryServices) the ADAM user with the attribute
value equal to the AD user's objectGuid?
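
The lookup asked about above, as an added example that is not part of the original post: it checks whether the ADAM attribute is indexed (bit 0x1 of `searchFlags` on its schema object) and searches ADAM by the AD user's objectGuid using System.DirectoryServices. The server address, partition DN and the attribute name `adObjectGuid` are assumptions for illustration, and the attribute is assumed to use octet-string syntax.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class AdamPersonalization
{
    // Assumed values, not from the thread: ADAM endpoint, partition DN, attribute name.
    const string AdamServer = "LDAP://adam.example.local:50000";
    const string AdamPartition = "OU=Profiles,O=App";
    const string GuidAttr = "adObjectGuid";   // hypothetical octet-string attribute

    // Binary filter values are written as \XX per byte; ToByteArray() matches objectGUID's byte order.
    public static string ToFilterValue(Guid guid)
    {
        var sb = new StringBuilder(48);
        foreach (byte b in guid.ToByteArray())
            sb.Append('\\').Append(b.ToString("X2"));
        return sb.ToString();
    }

    // True when bit 0x1 (build an index) is set in the attribute's searchFlags.
    public static bool IsIndexed()
    {
        using (var rootDse = new DirectoryEntry(AdamServer + "/RootDSE"))
        {
            string schemaNc = (string)rootDse.Properties["schemaNamingContext"].Value;
            using (var schema = new DirectoryEntry(AdamServer + "/" + schemaNc))
            using (var ds = new DirectorySearcher(schema, "(lDAPDisplayName=" + GuidAttr + ")",
                                                  new[] { "searchFlags" }, SearchScope.OneLevel))
            {
                SearchResult r = ds.FindOne();
                if (r == null) return false;   // attribute is not defined in the schema
                int flags = r.Properties.Contains("searchFlags") ? (int)r.Properties["searchFlags"][0] : 0;
                return (flags & 0x1) != 0;
            }
        }
    }

    // adUser.Guid is a typed Guid, so no caller-supplied string is concatenated into the filter.
    public static SearchResult FindProfile(DirectoryEntry adUser)
    {
        using (var root = new DirectoryEntry(AdamServer + "/" + AdamPartition))
        using (var ds = new DirectorySearcher(root))
        {
            ds.Filter = "(" + GuidAttr + "=" + ToFilterValue(adUser.Guid) + ")";
            return ds.FindOne();   // null when no ADAM object carries this GUID
        }
    }
}
```

Turning indexing on means setting that same bit in `searchFlags` on the attribute's schema object, which requires write access to the ADAM schema partition.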
 
Tim,

I'll be VERY interested in following this thread, as I think that it
might almost exactly describe what I'm going to be forced to do in a
situation that I'm involved in (see my thread in
microsoft.public.windows.server.active_directory, "What operational
differences when use..." - I've been told that's where most of the
ADAM-related discussions take place - I'm cross-posting this there, I
hope that is ok with you!).

Besides the questions that you posed, I am curious how you plan to keep
whatever information needs to be synchronized between the AD and ADAM
stores synchronized?

Are you planning to manually maintain both the ADAM information and the
relevant information in the AD? Especially, how are you planning to get
the objectGuid that you mentioned into ADAM for each user in AD?
 
Tim, et al,

BTW, in my case, the ADAM instance will probably be running on a
physically separate machine than the machine with AD, and the machine
running AD might probably also be in a different domain from the machine
running ADAM. I don't know if this might complicate the situation even
more :(!!
 