Querying and updating active directory using c Thai chat webcam room
Once these *NIX attributes are part of the schema they can be modified with the MMC snap-in Active Directory Users and Groups, as long as has been installed from the Windows Server 2003 R2 Administration Tools Pack.If *NIX group membership has been administered by modifying the list in the UNIX attributes tab of AD Users and Computers (which is REQUIRED in a NIS environment), then 'unique Member' should be mapped to 'ms SFU30Posix Member' (or 'posix Member' for WS03R2) as 'member' only includes the membership listed in the Windows group.
The installation needs to be performed using an account that has Enterprise Admin privileges in order for the schema to be extended successfully (indeed, Enterprise Admin privileges are required even if the schema has already been extended).
It is important to keep in mind that the Samba developers have to play detective to try to basically reverse engineer the Microsoft implementation of the SMB protocol.
The end result is that there are occasional issues that must be worked around if a bug fix does not exist.
If you are in a complex environment with multiple domains or multiple trees and want people from all your domains to login specify the Global Catalog port for your LDAP queries instead of the default port.
If you do this is essential all LDAP servers specified in the be Global Catalogs.In Windows Server 2003 R2, the Active Directory schema is already extended with an RFC2307-compliant schema.