Integrated Identity Management in Active Directory Domain Services

Applies To: Windows Server 2003 R2

As part of the product installation, the Windows Server 2003 R2 schema is extended to support direct lookup of UNIX identities in Active Directory Domain Services. You have the choice of running Server for NIS or managing the schema attributes directly.

UNIX Attributes tab

Server for NIS adds a UNIX Attributes tab in the Active Directory Domain Services Users and Computers console. This addition:

  • Provides you with direct graphical user interface (GUI) access to the schema extensions.

  • Allows you to directly set attributes for each user (as shown in Figure 3).

Both capabilities require that Server for NIS be installed on a Windows Server 2003 R2 domain controller.


Figure 3. UNIX Attributes tab for user Charlie Russel

Access to a Windows resource requires the permissions of a Windows user. When a UNIX user requests such access, Active Directory Domain Services looks up the UID/GID of that UNIX user and maps the request to the Windows user to set the appropriate permissions.

If access is requested from a Windows user to a UNIX resource, the Windows user’s UID/GID pair is provided to the UNIX authentication mechanism to set appropriate permissions.
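Because permissions in both directions depend on the UID/GID stored on each account, a UID shared by two accounts, or a UID of 0, changes whose permissions a request receives. The following check is an added example, not Microsoft code: it audits exported user records for those conditions, assuming the RFC 2307 attribute names uidNumber and gidNumber (the page does not name the attributes) and using constructed sample accounts.

```python
from collections import defaultdict

# Constructed sample records, as if exported from the directory.
# uidNumber/gidNumber are the RFC 2307 names (assumption; not named on the page).
SAMPLE_USERS = [
    {"sAMAccountName": "user_a", "uidNumber": 10001, "gidNumber": 100},
    {"sAMAccountName": "user_b", "uidNumber": 10002, "gidNumber": 100},
    {"sAMAccountName": "svc_backup", "uidNumber": 10002, "gidNumber": 200},
    {"sAMAccountName": "opsadmin", "uidNumber": 0, "gidNumber": 0},
    {"sAMAccountName": "winonly", "uidNumber": None, "gidNumber": None},
    {"sAMAccountName": "partial", "uidNumber": 10005, "gidNumber": None},
]

def build_uid_index(users):
    """Group account names by UID; accounts without UNIX attributes are skipped."""
    index = defaultdict(list)
    for user in users:
        if user.get("uidNumber") is not None:
            index[user["uidNumber"]].append(user["sAMAccountName"])
    return index

def map_unix_to_windows(uid, users):
    """Resolve a UNIX UID to exactly one Windows account, refusing ambiguity."""
    matches = build_uid_index(users).get(uid, [])
    if len(matches) != 1:
        raise LookupError(f"UID {uid} maps to {len(matches)} accounts: {matches}")
    return matches[0]

def audit_mappings(users):
    """Return (finding, uid, accounts) tuples for risky UID/GID assignments."""
    findings = []
    for uid, names in sorted(build_uid_index(users).items()):
        if uid == 0:
            # UID 0 is root on the UNIX side of the mapping.
            findings.append(("root-uid", uid, sorted(names)))
        if len(names) > 1:
            # Two Windows users would present the same UNIX identity.
            findings.append(("duplicate-uid", uid, sorted(names)))
    for user in users:
        # A UID without a GID (or the reverse) is an incomplete pair.
        if (user.get("uidNumber") is None) != (user.get("gidNumber") is None):
            findings.append(
                ("incomplete-pair", user.get("uidNumber"), [user["sAMAccountName"]])
            )
    return findings

if __name__ == "__main__":
    for finding in audit_mappings(SAMPLE_USERS):
        print(finding)
```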