LDAP member server

Thread starter: Guest

I came across a KB article months ago that described how to run the AD LDAP
service on a member server. I'm looking for a way to install a copy of AD on
a member server for the purpose of queries but not writes. It's easy to
create the LDAP SRV record in DNS, but from there it is a mystery. Is anyone
familiar with this article or this procedure?
 
Hi DJ

Not familiar with such an article. I would do the following just to ensure
that no one else can use the server. dcpromo the server up and change the
weight (from 100 to 50) on the LDAP record. This will ensure that it is not
preferred. The higher the weight, the more attractive to client machines.

All data is replicated between servers. Did you want to test something on
the directory? If so, create a virtual environment. The latter you could use
if you didn't want to go for option 1.

Regards
Stephen
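
The weight change suggested above, worked through with the RFC 2782 selection rule for SRV records (lowest priority value first, then a weighted random choice). This is an added example and not part of the original posts; the host names, ports and the three-record set are constructed, and the weight-0 ordering detail of the RFC is simplified.

```python
import random
from collections import namedtuple

Srv = namedtuple("Srv", "priority weight port target")

# Constructed sample records for _ldap._tcp; names are hypothetical.
RECORDS = [
    Srv(0, 100, 389, "dc1.example.test"),
    Srv(0, 100, 389, "dc2.example.test"),
    Srv(0, 50, 389, "dc3.example.test"),  # server whose weight was lowered
]

def _preferred_group(records):
    """Records sharing the lowest priority value are tried first."""
    lowest = min(r.priority for r in records)
    return [r for r in records if r.priority == lowest]

def first_choice_share(records):
    """Expected fraction of clients that try each target first."""
    group = _preferred_group(records)
    total = sum(r.weight for r in group)
    shares = {r.target: 0.0 for r in records}
    for r in group:
        # All-zero weights degrade to an even split within the group.
        shares[r.target] = r.weight / total if total else 1 / len(group)
    return shares

def pick(records, rng=random):
    """One client's first choice: weighted random within the group."""
    group = _preferred_group(records)
    total = sum(r.weight for r in group)
    if total == 0:
        return rng.choice(group).target
    point = rng.uniform(0, total)
    running = 0
    for r in group:
        running += r.weight
        if point <= running:
            return r.target
    return group[-1].target

if __name__ == "__main__":
    for target, share in first_choice_share(RECORDS).items():
        print(f"{target}: {share:.0%}")
```

With these sample values the lowered-weight server is still the first choice for one client in five. Under RFC 2782 it is the priority field, not the weight, that keeps a record out of first choice while other servers are reachable.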
 
I have an application that is, unfortunately, hard coded to a Windows 2000
DC. During the move to Windows 2003 all DCs will be replaced (no upgrades)
with new names. I would like to keep this server, demoting it to a member server,
but allow the app to perform LDAP queries on it. I know I can use a DNS alias
but I would like to avoid that if possible. Also, I can't simply point the
app to a new DC because there are hundreds of saved queries that we have to
manually update, and that will take time. We want an interim solution that will
allow us to take our time with the manual updates. We don't want any Windows
2000 DCs to remain. That's why I'm looking for this procedure.
 
Active Directory is only on domain controllers. You can't run AD on a member.

You can run Active Directory Application Mode (AD/AM) on a Windows Server 2003
or XP member; you can find that here:

http://www.microsoft.com/windowsserver2003/adam/default.mspx

You could set up the permissions to allow read access but not write access. If
you want it to have info from AD, you will need to use IIFP/MIIS or some other
syncing software to copy the info from AD to AD/AM. There is another AD -> AD/AM
syncing tool coming from MS as well, called, I believe, Adam Syncher, but that is
still in beta. That should be in the R2 Beta.

joe
 