Create a Policy Store Partition for the Administrative User

You create a policy store partition and add an administrative user to it to ensure the policy store schema can be imported. Only an administrative user in the configuration partition can import the policy store schema. This user must have administrative rights over the configuration partition and all of the application partitions, including the policy store partition.

Note: The following procedure assumes you are familiar with configuration, application, and schema partitions. More information exists at:

http://www.c-sharpcorner.com/Code/2004/Aug/DirectoryServices.asp

To create a policy store partition for the administrative user

  1. Click Start, Program Files, ADAM, ADAM ADSI Edit.

    The ADAM ADSI Edit utility opens.

  2. Create a policy store partition.
  3. Navigate to the following in the configuration partition:

    cn=directory service, cn=windows nt, cn=services, cn=configuration, cn={guid}

  4. Locate the msDS-Other-Settings attribute.
  5. Add a new value to the msDS-Other-Settings attribute:

    ADAMAllowADAMSecurityPrincipalsInConfigPartition=1

  6. In the configuration and policy store application partitions:
    1. Navigate to CN=Administrators, CN=Roles.
    2. Open the properties of CN=Administrators.
    3. Edit the member attribute.
    4. Click Add ADAM Account, and paste the full DN of the user you created in the configuration partition.
    5. Go to the properties of the user you created and check the value of the msDS-UserAccountDisabled attribute. Ensure that the value is set to false.

    The administrative user has rights over the configuration partition and all of the application partitions, including the policy store partition.
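
The end state of this procedure can be checked from an LDIF export of the ADAM instance: the flag from step 5, the role membership from step 6 in both partitions, and the account state. The following Python is an added example, not part of the original procedure or of any CA or Microsoft tool; the partition DN DC=policystore,DC=example, the user CN=smadmin, and the embedded export are constructed for illustration.

```python
FLAG = "ADAMAllowADAMSecurityPrincipalsInConfigPartition=1"
CONFIG = "CN=Configuration,CN={guid}"   # {guid} kept as the page's placeholder
STORE = "DC=policystore,DC=example"     # hypothetical policy store partition
USER = "CN=smadmin," + CONFIG           # hypothetical administrative user
SETTINGS = "CN=Directory Service,CN=Windows NT,CN=Services," + CONFIG
# Constructed LDIF export of the four entries the procedure touches.
SAMPLE_LDIF = f"""\
dn: {SETTINGS}
msDS-Other-Settings: {FLAG}

dn: CN=Administrators,CN=Roles,{CONFIG}
member: {USER}

dn: CN=Administrators,CN=Roles,{STORE}
member: CN=smadmin,
 {CONFIG}

dn: {USER}
msDS-UserAccountDisabled: FALSE
"""

def norm(dn):
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text):
    """Map normalised DN -> {attr: [values]}; base64 (attr::) lines are ignored."""
    entries, current = {}, None
    for line in text.replace("\n ", "").splitlines():   # unfold continuations
        attr, _, value = line.partition(":")
        if not line.strip():
            current = None                               # blank line ends an entry
        elif attr.lower() == "dn":
            current = None if value[:1] == ":" else entries.setdefault(norm(value), {})
        elif current is not None and line[0] != "#" and value[:1] != ":":
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def audit(entries):
    """Return findings; an empty list means the procedure's end state holds."""
    findings = []
    if FLAG not in entries.get(norm(SETTINGS), {}).get("msds-other-settings", []):
        findings.append("flag not set in msDS-Other-Settings")
    for partition in (CONFIG, STORE):
        role = entries.get(norm("CN=Administrators,CN=Roles," + partition), {})
        if norm(USER) not in map(norm, role.get("member", [])):
            findings.append("user missing from Administrators in " + partition)
    state = entries.get(norm(USER), {}).get("msds-useraccountdisabled", [])
    if [v.upper() for v in state] != ["FALSE"]:
        findings.append("msDS-UserAccountDisabled is not FALSE")
    return findings
```

To run it against a real instance, replace SAMPLE_LDIF with the text of an export produced by a tool such as ldifde and set the constants to your own DNs.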


Copyright © 2009 CA. All rights reserved.