RCM : Creating a CRL entry in an ADAM ldap database
Originally Published: 2008-03-18
Article Number
000059623
Applies To
Keon Certificate Authority 6.7
Microsoft Windows 2000 Server SP3
Issue
RCM : Creating a CRL entry in an ADAM ldap database
How to publish a CRL externally to Microsoft ADAM (Active Directory Application Mode)
Resolution

High-level steps (assuming you will be publishing to ou=rsa):

- Set up ADAM with an application partition, e.g. ou=rsa,o=emc.

- Create a user in ADAM that the CA can bind as; make sure the account is not disabled and its password cannot expire (a publishing bind that fails on an expired password leaves a stale CRL in the directory).

- Use an LDAP client to test access to the partition with the username and password created in the previous step.

- Extend the ADAM schema with the two attributes certificateRevocationList and cACertificate.

- Create a new object class, pkiCA.

- Make certificateRevocationList and cACertificate optional (mayContain) attributes of pkiCA.

- Add pkiCA as an auxiliary class of the organizationalUnit object class.

 

SOME INFORMATION IS INCLUDED BELOW ABOUT EXTENDING THE SCHEMA AND ALLOWING ANONYMOUS ACCESS IN ADAM

ADD THE READER GROUP RIGHTS TO ANONYMOUS ACCESS IN ADAM :

Go into ADAM-adsiedit console (Start -> Programs -> ADAM ADSI Edit)

Right click the ADAM ADSI Edit text on the left and click "Connect To...".

Select the server name (or leave as localhost) and then select the port that the instance is listening on.

Click the Well-known naming context radio-button and select Configuration from the drop-down box. Click OK.

Expand My Connection [servername:port] on the left.

Expand CN=Configuration,CN={}

Expand CN=Services

Expand CN=Windows NT

Right click CN=Directory Service and select Properties.

From the list of attributes find dsHeuristics and set the 7th character of its value to 2 (it is a character in a string, not a bit; leave any other characters as they are, and if the value is 10 or more characters long the 10th character must be 1).

In this example dsHeuristics is set to 0010012001001.

Allowing directory listing on ADAM

Next we have to add an anonymous user to the Readers role within ADAM.

Go into ADAM-adsiedit console (Start -> Programs -> ADAM ADSI Edit)

Right click the ADAM ADSI Edit text on the left and click "Connect To...".

Select the server name (or leave as localhost) and then select the port that the instance is listening on.

Enter the distinguished name (DN) of your partition (for example O=Keon,C=GB) and click OK.

Expand your namespace on the left of the screen.

Click CN=Roles

The default roles are listed on the right-hand side of the screen.

Right click CN=Readers and click properties.

Double click on the Member attribute.

Click the Add Windows Account button

Find the "ANONYMOUS LOGON" account and click OK.

Click OK again.

Stop and restart the ADAM instance.
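The dsHeuristics change above can also be scripted as an ldifde import instead of being made by hand in ADSI Edit. The following LDF file is an added example, not taken from the original article: DC=X is a placeholder that ldifde rewrites to the instance's real configuration naming context, and 0000002 is the minimal value that sets only the 7th character (if your instance already has a longer dsHeuristics value, keep its other characters and change only position 7, as described above).

```ldif
# Enable anonymous LDAP operations on an ADAM instance by setting the
# 7th character of dsHeuristics to 2.
# Added example, not from the original article.
# DC=X is a placeholder; ldifde -c rewrites it to the real configuration
# naming context (CN=Configuration,CN={GUID}).
#
# Import with an account in the instance's Administrators role:
#   ldifde -i -f anon.ldf -s localhost:389 -k -j . -c "CN=Configuration,DC=X" #configurationNamingContext
#
# 0000002 sets only position 7. An existing longer value must keep its
# other characters (position 10 must remain 1); change only position 7.
dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=X
changetype: modify
replace: dsHeuristics
dsHeuristics: 0000002
-
```

Adding ANONYMOUS LOGON to the Readers role is still done in ADSI Edit as described above. Once both changes are in place, any client that can reach the LDAP port can read every object in that partition without authenticating, so keep the partition limited to the published PKI objects and nothing else. Verify the result with ldp.exe: connect to the instance port, choose Bind with the "Simple bind" option and an empty user name and password, then search ou=rsa,o=emc; the search should return the OU, and it should fail if you revert either change.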

 

EXTENDING THE SCHEMA OF ADAM :

These are the attributes we need to add:

MMC > ADAM ADSI Edit (connected to the Schema naming context) > New Object > attributeSchema

cn: Certificate-Revocation-List

oMSyntax: 4

lDAPDisplayName: certificateRevocationList

isSingleValued: TRUE

attributeSyntax: 2.5.5.10

attributeID: 2.5.4.39

Finish

New Object > attributeSchema

cn: CA-Certificate

oMSyntax: 4

lDAPDisplayName: cACertificate

isSingleValued: FALSE

attributeSyntax: 2.5.5.10

attributeID: 2.5.4.37

Finish

ADAM Schema snap-in

Connect to the ADAM server

New > Class

Common Name: pkiCA

LDAP Display Name: pkiCA

Unique X.500 Object ID: 2.5.6.22

Parent Class: top

Class type: Auxiliary

Next

Optional attributes: Add, then select certificateRevocationList and cACertificate

Finish

Select Organizational-Unit, right click, Properties

Relationship tab: under Auxiliary Classes click Add Class... and select pkiCA
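The whole schema extension (the high-level steps at the top of this article and the click-by-click sequence above) can be applied in one pass with ldifde, the same way Microsoft ships its own ADAM schema extensions. The LDF file below is an added example and is not code from the original article: DC=X is a placeholder that ldifde rewrites with -c, the OIDs and syntaxes are the ones listed above, and objectClassCategory 3 is the schema encoding of "auxiliary class".

```ldif
# ADAM schema extension for publishing a CRL: two attributes, the pkiCA
# auxiliary class (RFC 4523, OID 2.5.6.22), and attaching pkiCA to
# organizationalUnit. Added example, not from the original article.
# DC=X is a placeholder; ldifde -c rewrites it to the real configuration
# naming context, under which CN=Schema lives.
#
# Import with an account in the instance's Administrators role:
#   ldifde -i -f pkica.ldf -s localhost:389 -k -j . -c "CN=Configuration,DC=X" #configurationNamingContext
# -k ignores "already exists" errors, so the import can be rerun and is
# harmless if the ADAM build already ships either attribute.

# certificateRevocationList: DER-encoded X.509 CRL, octet string, single-valued
dn: CN=Certificate-Revocation-List,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
lDAPDisplayName: certificateRevocationList
attributeID: 2.5.4.39
attributeSyntax: 2.5.5.10
oMSyntax: 4
isSingleValued: TRUE

# cACertificate: DER-encoded CA certificate(s), octet string, multi-valued
dn: CN=CA-Certificate,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
lDAPDisplayName: cACertificate
attributeID: 2.5.4.37
attributeSyntax: 2.5.5.10
oMSyntax: 4
isSingleValued: FALSE

# Reload the schema cache so the class below can reference the new attributes
dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# pkiCA as an auxiliary class (objectClassCategory 3) with both attributes optional
dn: CN=pkiCA,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: classSchema
lDAPDisplayName: pkiCA
governsID: 2.5.6.22
objectClassCategory: 3
subClassOf: top
mayContain: cACertificate
mayContain: certificateRevocationList

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

# Attach pkiCA to organizationalUnit so every OU may carry a CRL and CA certificate
dn: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: auxiliaryClass
auxiliaryClass: pkiCA
-

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
```

Two practical points. First, schema objects in ADAM cannot be deleted afterwards, only marked defunct, so run the import against a throwaway instance before the one the CA will publish to. Second, if you would rather not touch the organizationalUnit class definition at all, ADAM also lets you attach pkiCA dynamically to a single object by adding the value pkiCA to that object's objectClass; that is enough for one ou=rsa and leaves every other OU unchanged. Once Keon has published, confirm the entry with an export such as ldifde -f crl.ldf -s localhost:389 -d "ou=rsa,o=emc" -r "(objectClass=organizationalUnit)" -l certificateRevocationList,cACertificate; the CRL comes back base64-encoded, and decoding it to a file and running certutil -dump on it shows the thisUpdate and nextUpdate times, which is the quickest way to tell whether the CA is really refreshing the published copy.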