How do I move a user repository from Microsoft Windows NT to Active Directory? (NETIQKB30478)

  • Document ID:7730478
  • Creation Date:02-Feb-2007
  • Modified Date:30-Jan-2008
    • Micro Focus Products:
      VigilEnt Policy Center

Resolution

goal
How do I move a user repository from Microsoft Windows NT to Active Directory?

fact
VigilEnt Policy Center 2.1

fact
VigilEnt Policy Center 2.1 SP6

fix

An administrator can change the user repository access from using native LDAP to Active Directory Services Interface (ADSI), a method for accessing Active Directory. While the standard LDAP interface permits only a fixed number of query results that can be returned by the Active Directory server, usually 1,000, ADSI permits entire lists to be enumerated and avoids incorrect reports, limited access to user lists, and other incorrect or misleading results in VigilEnt Policy Center. ADSI also may help increase performance at organizations with a large number of groups and users in an Active Directory server.

VigilEnt Policy Center supports Active Directory only in a ?native mode? domain as opposed to a ?mixed mode? domain. In native mode, all domain controllers must be running a Microsoft Windows 2000 server, although other servers may be running Microsoft Windows NT, 98, or 95. In mixed mode, some of the domain controllers may be running Microsoft Windows NT while client and member servers are running Microsoft Windows NT, 98, or 95. If you are using a mixed mode domain, you must use Microsoft Windows NT for your user repository.

You can change your user repository access from using native LDAP to ADSI, but cannot change your user repository from Microsoft Windows NT to Active Directory. If you attempt to change your user repository from Microsoft Windows NT, you will lose all historical data and your report results will be inconsistent.

The ADSI set up is configured on the "User Repository" page of the Administration tab and is identical to the set up for an Active Directory server, except for the few changes listed below. For more information, refer to the following knowledge base article, "Setting an LDAP Server as the User Repository?:

https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB24431

When setting up the user repository for ADSI, complete the following:

  1. Select the Use native ADSI to connect to server check box on the User Repository tab.

  2. Click Active Directory on the Advanced LDAP Options page. Verify the following field entries, taking into account the proper lowercase and uppercase format:

    • givenName in the First Name field
    • telephoneNumber in the Telephone field
    • objectClass in the Object Class field

  3. Type LDAP in all capital letters in the LDAP URL field. If lowercase letters are used, the system will not connect to the server and an error message will occur. An example of a proper LDAP URL field entry is: LDAP://vpctest4:389.


note

For more information about how to set an LDAP server as the User Repository, refer to the following knowledge base article.

https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB24431

Additional Information

Formerly known as NETIQKB30478