Restrict AD User and Local User access to AD LDS?

I have AD LDS installed on a domain joined server (2012 R2). By default, the instance allows AD LDS principal authentication, Windows principal (AD or local) authentication and, optionally, AD LDS proxy authentication. I want to configure proxy authentication, which is well documented, but I also want to prevent any Windows principal authentication. I can find no documentation on restricting those login mechanisms.

Could anyone point me in the right dire

March 10th, 2014 9:27pm

Go through the link below, which explains in detail about:

administrating AD LDS Authentication and Access Control

Hope this helps you.

March 11th, 2014 10:08am

Hi,

According to your description, do you mean that you want to prevent AD users and local users from logging on to this proxy server?

If that is the goal, I don't think it is possible.

We can assign the Deny log on locally user right to domain user accounts, so that common domain users cannot log on from the local computer, but we can't deny this right for domain admins and the local administrator; I have tested this.

Deny logon locally

http://technet.microsoft.com/en-us/library/cc957048.aspx

Please feel free to let us know if there are any further requirements.

Best Regards,

Amy Wang

March 13th, 2014 5:36am

No, I'm not trying to prevent local logon. I'm trying to prevent local accounts and AD accounts from binding to the LDAP service.
March 13th, 2014 3:15pm

Hi,

Sorry for my misunderstanding before.

I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

Best Regards,

Amy Wang

March 18th, 2014 6:19am

Thanks for your continued efforts, Amy.
March 19th, 2014 10:52pm

Hi

Please try to connect to the AD LDS instance from ADSI Edit on a DC, then grant the user accounts Deny permission in the Read box and check if it works.

For more information, please look through the article below:

http://technet.microsoft.com/en-us/library/cc816858(v=ws.10).aspx

Thanks.

March 21st, 2014 2:24pm

Thanks for the response. I'll try that in the next couple of days.
March 27th, 2014 2:00am

Hi,

Any updates?

Regards,

Amy

April 1st, 2014 5:50am

This topic is archived. No further replies will be accepted.