Allow User Creation in the Configuration Partition
Only an administrative user in the configuration partition can import the policy store schema. This user must have administrative rights over the configuration partition and all application partitions, including the policy store partition.
Note: The following procedure assumes that you are familiar with configuration, application, and schema partitions.
To allow users to be created in the configuration partition
- Open the ADSI Edit console.
- Navigate to the following in the configuration partition:
  cn=directory service, cn=windows nt, cn=services, cn=configuration, cn={guid}
- Locate the msDS-Other-Settings attribute.
- Add the following new value to the msDS-Other-Settings attribute:
  ADAMAllowADAMSecurityPrincipalsInConfigPartition=1
- In the configuration and policy store application partitions:
  - Navigate to CN=Administrators, CN=Roles.
  - Open the properties of CN=Administrators.
  - Edit the member attribute.
  - Do one of the following:
    - (ADAM 2000 and 2003) Click Add ADAM Account and paste the full DN of the user you created in the configuration partition.
    - (AD LDS) Click Add DN and paste the full DN of the user you created in the configuration partition.
- Go to the properties of the user you created and verify the value of the following attribute:
  msDS-UserAccountDisabled
  Be sure that the value is set to false.
The administrative user has rights over the configuration partition and all application partitions, including the policy store partition.
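
The following PowerShell function is an added example, not part of the product documentation. It reads back the three settings changed by the procedure above and lists every member of each Administrators role so that the grant can be reviewed. It assumes the ActiveDirectory module (RSAT) is installed; the function name and the server address, partition DN, and user DN in the usage comment are placeholders.

```powershell
# Added example: read-only check of the settings made in the procedure above.
# Assumption: the ActiveDirectory module (RSAT) is available on this host.
Import-Module ActiveDirectory

function Test-AdLdsConfigAdmin {
    param(
        [Parameter(Mandatory)] [string] $Server,               # host:port of the instance
        [Parameter(Mandatory)] [string] $PolicyStorePartition, # DN of the policy store partition
        [Parameter(Mandatory)] [string] $AdminUserDn           # full DN of the user you created
    )

    # Read the configuration partition DN (cn=configuration, cn={guid}) from the
    # RootDSE so the instance GUID does not have to be typed by hand.
    $configNc = (Get-ADRootDSE -Server $Server).configurationNamingContext
    $report   = [ordered]@{}

    # 1. msDS-Other-Settings must contain the value added in the procedure.
    $dsDn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
    $ds   = Get-ADObject -Identity $dsDn -Server $Server -Properties 'msDS-Other-Settings'
    $want = 'ADAMAllowADAMSecurityPrincipalsInConfigPartition=1'
    $report['PrincipalsAllowedInConfigPartition'] = $ds.'msDS-Other-Settings' -contains $want

    # 2. The user must be a member of CN=Administrators,CN=Roles in both partitions.
    #    All members are listed too: this role grants full control of the partition,
    #    so any unexpected entry deserves a second look.
    foreach ($partition in @($configNc, $PolicyStorePartition)) {
        $role = Get-ADObject -Identity "CN=Administrators,CN=Roles,$partition" `
                             -Server $Server -Properties member
        # -contains compares strings case-insensitively; pass the DN in the same
        # form ADSI Edit displays it (no extra spaces after the commas).
        $report["IsAdminOf[$partition]"] = $role.member -contains $AdminUserDn
        $report["Members[$partition]"]   = @($role.member) -join '; '
    }

    # 3. msDS-UserAccountDisabled must be false. An unset attribute reports
    #    $false here, so check the account manually in that case.
    $user = Get-ADObject -Identity $AdminUserDn -Server $Server `
                         -Properties 'msDS-UserAccountDisabled'
    $report['AccountEnabled'] = ($user.'msDS-UserAccountDisabled' -eq $false)

    [pscustomobject]$report
}

# Usage (all three values are placeholders):
# Test-AdLdsConfigAdmin -Server 'localhost:389' `
#     -PolicyStorePartition 'DC=policystore,DC=example' `
#     -AdminUserDn 'CN=psadmin,CN=Configuration,CN={guid}' | Format-List
```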