How do I move a user repository from Microsoft Windows NT to Active Directory?
VigilEnt Policy Center 2.1
VigilEnt Policy Center 2.1 SP6
An administrator can change the user repository access from using native LDAP to Active Directory Services Interface (ADSI), a method for accessing Active Directory. While the standard LDAP interface permits only a fixed number of query results that can be returned by the Active Directory server, usually 1,000, ADSI permits entire lists to be enumerated and avoids incorrect reports, limited access to user lists, and other incorrect or misleading results in VigilEnt Policy Center. ADSI also may help increase performance at organizations with a large number of groups and users in an Active Directory server.
VigilEnt Policy CenterÂ supports Active Directory only in a ?native mode? domain as opposed to a ?mixed mode? domain. In native mode, all domain controllers must be running a Microsoft Windows 2000 server, although other servers may be running Microsoft Windows NT, 98, or 95. In mixed mode, some of the domain controllers may be running Microsoft Windows NT while client and member servers are running Microsoft Windows NT, 98, or 95. If you are using a mixed mode domain, you must use Microsoft Windows NT for your user repository.
You can change your user repository access from using native LDAP to ADSI, but cannot change your user repository from Microsoft Windows NT to Active Directory. If you attempt to change your user repository from Microsoft Windows NT, you will lose all historical data and your report results will be inconsistent.
The ADSI set up is configured on the "User Repository" page of the Administration tab and is identical to the set up for an Active Directory server, except for the few changes listed below. For more information,Â refer toÂ the following knowledge base article, "Setting an LDAP Server as the User Repository?:
When setting up the user repository for ADSI, complete the following:
- Select the Use native ADSI to connect to server check box on the User Repository tab.
- Click Active Directory on the Advanced LDAP Options page. Verify the following field entries, taking into account the proper lowercase and uppercase format:
- givenName in the First Name field
- telephoneNumber in the Telephone field
- objectClass in the Object Class field
LDAPin all capital letters in the LDAP URL field. If lowercase letters are used, the system will not connect to the server and an error message will occur. An example of a proper LDAP URL field entry is:
For more information about how to set an LDAP server as the User Repository, refer to the following knowledge base article.