
Step 7: Authorize Appropriate Access to the AD LDS Namespace Object

Published: May 11, 2009

Applies To: Windows Server 2008

Authorization refers to the process of determining which users have access to which directory objects. In AD LDS, access control lists (ACLs) on each directory object determine which users have access to that object. By default, in AD LDS, ACLs reside only in the top-level object of each directory partition. All objects in a given directory partition inherit these ACLs.

For more information about ACLs, see Access Control Lists (http://go.microsoft.com/fwlink/?LinkID=96544) on the Microsoft Web site.

  1. Open an elevated command prompt. (Click Start, right-click Command Prompt, and then click Run as administrator.)

  2. Navigate to the C:\WINDOWS\ADAM directory, and then run the dsacls command to grant the Everyone group read access to the mapping data store as follows:

    dsacls "\\server1:389\CN=nfsadldsinstance,dc=server1" /G everyone:GR /I:T

  3. Optionally, if you are setting up a shared AD LDS store to allow multiple NFS servers to query the account mapping database, modify the ACL on the mapping data store to allow Read permissions for the Anonymous Logon account as follows:

    dsacls "\\server1:389\CN=nfsadldsinstance,dc=server1" /G "anonymous logon":GR /I:T

    Note
    You can skip this step if there is no shared access between computers to the mapping data store.
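
To check the result of steps 2 and 3, the following PowerShell script (an added example, not part of the original procedure) runs dsacls in display mode against the same object and reports whether the Everyone and Anonymous Logon entries hold anything beyond read rights. The helper name Get-DsaclsEntry is hypothetical, and the layout of the dsacls output that it parses is an assumption stated in the comments.

```powershell
# Added example: audit the ACL entries that steps 2 and 3 create.
# Assumed dsacls display layout: "Allow|Deny <trustee>  <rights>" lines, with the
# individual rights of a SPECIAL ACCESS entry on indented lines underneath.
$ObjectPath = '\\server1:389\CN=nfsadldsinstance,dc=server1'   # object from the steps above
$Watch      = 'Everyone', 'NT AUTHORITY\ANONYMOUS LOGON'
# Rights that make up generic read (GR); dsacls itself prints "PERMISSONS".
$ReadOnly   = 'SPECIAL ACCESS', 'READ PERMISSONS', 'READ PERMISSIONS',
              'LIST CONTENTS', 'READ PROPERTY', 'LIST OBJECT'

function Get-DsaclsEntry {          # hypothetical helper name
    param([string[]]$Lines)
    $entry = $null
    foreach ($line in $Lines) {
        if ($line -match '^(Allow|Deny)\s+(.+?)\s{2,}(.+?)\s*$') {
            if ($entry) { $entry }                      # emit the previous entry
            $type, $trustee, $rights = $Matches[1], $Matches[2], $Matches[3]
            $rights = ($rights -replace '<.*?>', '').Trim()   # drop "<Inherited from parent>"
            $entry = [pscustomobject]@{ Type = $type; Trustee = $trustee; Rights = @($rights) }
        }
        elseif ($entry -and $line -match '^\s+(\S.*?)\s*$') {
            # Continuation line: one more right belonging to the current entry.
            $entry.Rights += ($Matches[1] -replace '<.*?>', '').Trim()
        }
        elseif ($entry) { $entry; $entry = $null }      # blank or header line ends the entry
    }
    if ($entry) { $entry }
}

$acl = @(Get-DsaclsEntry -Lines (& dsacls $ObjectPath))   # no /G switch: display only
foreach ($name in $Watch) {
    $hits = @($acl | Where-Object { $_.Trustee -eq $name })
    if (-not $hits) { "{0}: no entry on this object" -f $name; continue }
    foreach ($e in $hits) {
        # Anything outside the generic-read set, or any Deny entry, needs a look.
        $extra = @($e.Rights | Where-Object { $_ -and ($ReadOnly -notcontains $_) })
        if ($e.Type -eq 'Allow' -and -not $extra) {
            "{0}: read-only, as granted by the GR switch" -f $name
        } else {
            "{0}: REVIEW {1} entry: {2}" -f $name, $e.Type, ($e.Rights -join ', ')
        }
    }
}
```

If step 3 was skipped, the expected result for Anonymous Logon is the "no entry" line.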
