AD Alternate Credentials

  • AD Alternate Credentials

    I am trying to use the Alternate Credentials for Active Directory calls. The problem is that I don't understand what is meant by DNS style.

    If my domain is "Domain1" with a PDC named "PDC1", how would I specify that in DNS style?

  • #2
    Re: AD Alternate Credentials

    AD generally works best if everything is set up using a DNS name, assuming that DNS is configured right, etc.

    If you run Active Directory Users and Computers, you can usually see the DNS name of the domain. Or, if you look at the object path of a user on the User Properties->Object tab, you can figure it out by looking at the DC= portions and building it backwards.

    Both the domain and ADSI Server should use the DNS style when using the alternate credentials feature. Once you get the DNS name of your domain, i.e.:

    mydomain.com

    your ADSI Server is usually something like:

    my_DC.mydomain.com

    Let me know if this answers your question.
    Kevin Stanush
    SystemTools Software Inc.
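
The DC= derivation described in reply #2, as an added example that is not part of the original thread or of Hyena itself: it takes the `DC=` values of an object path in the order they appear and joins them with dots, ignoring any `DC=` text hidden behind an escaped comma. The function names and the sample path are constructed for illustration.

```python
import re

# One DNS label; underscore allowed because AD host names such as my_DC use it.
_LABEL = re.compile(r"^[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?$")

# Constructed sample object path (note the escaped comma inside the CN value).
SAMPLE_DN = r"CN=Smith\, John,OU=Staff,DC=mydomain,DC=com"

def split_rdns(dn):
    """Split a distinguished name on unescaped commas only."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escaped character with its backslash
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur).strip())
    return [p for p in parts if p]

def dns_domain_from_dn(dn):
    """Build the DNS-style domain name from the DC= components of a path."""
    labels = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if sep and attr.strip().upper() == "DC":
            label = value.strip()
            if not _LABEL.match(label):
                raise ValueError(f"not a DNS label: {label!r}")
            labels.append(label.lower())
    if not labels:
        raise ValueError("no DC= components in path")
    return ".".join(labels)

def adsi_server_fqdn(dc_host, dn):
    """DNS-style ADSI server name: the DC's host name plus the domain name."""
    if not _LABEL.match(dc_host):
        raise ValueError(f"not a DNS label: {dc_host!r}")
    return f"{dc_host}.{dns_domain_from_dn(dn)}"

if __name__ == "__main__":
    print(dns_domain_from_dn(SAMPLE_DN))
    print(adsi_server_fqdn("my_DC", SAMPLE_DN))
```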


    • #3
      Re: AD Alternate Credentials

      That fixed that problem. (I ended up getting it from the AD Users and Computers tool). I did not realize it was really just a FQ Domain Name.

      Now I am hitting another problem though.

      I have created another domain alias for the AD Domain. I then placed my credentials in there using the Authentication Credentials feature. Now I am getting the error message "Unable to access Active Directory Path <PDCName>.<FQDN> . <Null>HResult 0x80004005 => Un specified Error".

      I can access the server list when I use the 'servers' item.

      Any ideas as to what is wrong here?

      Thanks


      • #4
        Re: AD Alternate Credentials

        What action are you performing to get this error?
        Kevin Stanush
        SystemTools Software Inc.


        • #5
          Re: AD Alternate Credentials

          I am trying to open the "Containers/OUs" folder of the AD environment.

          That error message occurs on the following functions:
          enumerate "Containers/OU" folders, "All Groups", "All Users", "Global Groups", "Local Groups", "Universal Groups", and "Computers"


          I can perform the following functions just fine:
          enumerate "servers"

          Thanks


          • #6
            Re: AD Alternate Credentials

            Before using the alternate credentials functions, you should verify that this account works fine when you either log on directly to your workstation with that account or run Hyena with that set of credentials directly (i.e. 'RunAs'). If that works, then we know the account has the right security. If the alternate credentials method still does not work, then you will have to use another method, probably running Hyena using that security context.

            The alternate credentials mechanism is meant for users that have multiple domains and they must switch between them and there are not trusts between the domains. But the best way to manage multiple domains is still to either have trusts, use passthrough accounts, or use a different session with different credentials in each session.

            Listing the servers is not applicable to this problem as it uses the Windows browse list, which is available to anyone on the network.
            Kevin Stanush
            SystemTools Software Inc.


            • #7
              Re: AD Alternate Credentials

              It runs fine in Run As. I knew the credentials worked. I was hoping to not have to eat up my memory with 2 copies of Hyena running all the time.

              This is a single domain that is segmented where admins have user and admin accounts for security purposes. I was going to have an object with alt credentials for actually managing directory objects and another object that lets me work with my non-admin credentials.


              • #8
                Re: AD Alternate Credentials

                I'll retest this with a similar setup. But the alternate credentials method used by Hyena passes the username/password combination that you provide to any AD function. There isn't much we can do if AD returns an error, but if I can reproduce it I might be able to see if Microsoft has any ideas as to why.

                [This message has been edited by kstanush (edited 06-23-2006).]
                Kevin Stanush
                SystemTools Software Inc.