-2


I need Active Directory to use my own custom database (or shell or ...) for authenticating users.
Is there any extension or something like this to change the user password database of Active Directory?
I need this because my accounts are in a simple database and I don't want to sync them periodically.
In fact, I cannot change all my applications to authenticate from Active Directory!
I just need Active Directory to use my database for authentication.

  • 5
    What do you need AD for if you already have an Identity Database you don't want to replace? – Mathias R. Jessen Oct 21 '13 at 19:56
  • 4
    What problem do you think you're solving by trying to do this? Take a step back and explain your actual problem, I'm **sure** that there's a better answer than what you're asking how to do. – MDMarra Oct 21 '13 at 20:02
  • Agreed. Why are you using AD in the first place? – joeqwerty Oct 21 '13 at 20:03
  • You can use any number of metadirectory products to sync, move, slice, or dice accounts - but AD *is*, amongst other things, a user database. You can work with that, but not *replace* it. – mfinni Oct 21 '13 at 20:20
  • Are you trying to cross-post http://stackoverflow.com/questions/17920964/how-can-i-connect-active-directory-to-use-from-a-radius-like-freeradius, but with less information? – 84104 Oct 21 '13 at 23:47
  • Thanks, but because one of my applications only supports Active Directory and some others do not support it, I need to make a single database for both of them. – Mehrdad Amini Oct 22 '13 at 10:51
  • No, you'll need to find some way of keeping two user databases in sync, or using an LDAP passthrough to AD. – mfinni Oct 23 '13 at 14:50
  • Thanks @mfinni, I am trying that way (using an LDAP passthrough to AD). – Mehrdad Amini Oct 23 '13 at 20:14

1 Answer

9

I uh... uhm... wha... no, please don't do this. Active Directory needs to use ntds.dit and that's that. NTDS.dit, the Active Directory database, is way more than just a repository of user accounts. Using some sort of custom Franken-database in place of NTDS.dit is nuts, and would in no way be supported by Microsoft at all. You can do things like synchronize objects in AD to another SQL database, or another LDAP server, but you still must use NTDS.dit.

Ryan Ries