Previous Topic: Patch the ADAM Server

Next Topic: Gather Directory Server Information

Allow User Creation in the Configuration Partition

Only an administrative user in the configuration partition can import the policy store schema. This user must have administrative rights over the configuration partition and all application partitions, including the policy store partition.

Note: The following procedure assumes that you are familiar with configuration, application, and schema partitions.

To allow users to be created in the configuration partition

  1. Open the ADSI Edit console.
  2. Navigate to the following in the configuration partition:

    cn=directory service, cn=windows nt,

    cn=services, cn=configuration, cn={guid}

  3. Locate the msDS-Other-Settings attribute.
  4. Add the following new value to the msDS-Other-Settings attribute:

    ADAMAllowADAMSecurityPrincipalsInConfigPartition=1

  5. In the configuration and policy store application partitions:
    1. Navigate to CN=Administrators, CN=Roles.
    2. Open the properties of CN=Administrators.
    3. Edit the member attribute.
    4. Do one of the following:
      • (ADAM 2000 and 2003) Click Add ADAM Account and paste the full DN of the user you created in the configuration partition.
      • (AD LDS) Click Add DN and paste the full DN of the user you created in the configuration partition.
    5. Go to the properties of the user you created and verify the value for the following object:

      msDS-UserAccountDisabled

      Be sure that the value is set false.

    The administrative user has rights over the configuration partition and all application partitions, including the policy store partition.


Copyright © 2010 CA. All rights reserved. Email CA about this topic