Connector Guides › Connectors Guide › Connecting to Endpoints › Microsoft Active Directory Services Connector › ADS Defaults › ADSI Option

ADSI Option

Important! ADSI is not fully supported in this release and, by default, is disabled. Contact technical support to enable this option.

ADS lets you use a non-SSL connection to the Active Directory Server so you can use ADS in a test environment when enabling SSL is not feasible. The non-SSL connection lets you connect in one of the following two ways:

• Use ADSI for passwords only and non-secure LDAP for everything else.
• Use non-secure LDAP for all communications. This option silently ignores all password change requests.

Note: Both options use a normal authentication with LDAP that sends the user's credentials over the network. This practice can be a serious security risk. Neither of these options should be used in a production environment.

ADSI provides a way to manage accounts and passwords with SSL. This option uses ADSI to set passwords while all other operations use a non-secure LDAP connection.

ADSI does not work in all environments, particularly in cross-domain networks. Only use this option when you do not want to use the non-SSL option.

If ADSI does not work, try the following:

• Install the Windows 2000 Support Tools on the Active Directory Services server you want to manage.
• Run the Provisioning Server in the same domain as the Active Directory server.
• Confirm that the Preferred DNS server field is set correctly on the Provisioning Server.
• Start the Provisioning service with an ADS-domain -administrator account.

WARNING! Do not use the ADSI or non-secure LDAP options in production environments.