How to add ForeignSecurityPrincipals to AD LDS? Bringing 'AD users and computer accounts' to AD LDS as FSP?
How to add ForeignSecurityPrincipals to 'Active Directory Lightweight Directory Services' (AD LDS)? i.e. bringing 'AD security principals (users as well as computer accounts)' to AD LDS? Any script/ps cmdlet/tool?
Adding 'AD' security princials as "ForeingSecurtyPrincipals" to AD LDS using 'ADSI edit'
I know I can bring them by making them members of administrators/readers/users (i.e. in order to define roles for the 'AD users' as readers/users/administrators the foreign security principals need to be added - which makes sense - so ADSI edit is automatically adding the SIDs to foregin security principals container) (please see the attached image 
Question (what are different ways of doing it other than assigning roles using adsi edit):
But, I am wondering is there a way without making the security principal as member of one of the roles? especially I don't want to do this way for 'computer accounts' - as they are not categorized as 'administrators' or 'users' or 'roles' - default in AD LDS schema. I think I can extend the schema so that my AD LDS instance understands computer accounts and then add the computers there.
Just curious if there is another way to do it? any other tool or PS script will also do as well as I am pretty sure there are number of 'directory services admin tools'
Regards.
Actually it simply turned out to be that I can set 'permissions' on ad lds directory objects without adding to the 'ForeignSecuritypPrincipals' container...
So, I just set 'perms' based on sid (few examples are below, http://greatit.wordpress.com/2012/08/13/dsacls-and-built-in-groups/ )
Examples which grant 'generic all/full control' on AD LDS obect:
dscals "\\{myadldsserver}:{port}\cn=testadldsobect,cn=test,cn=com' /g {sid}:GA
dsacls {DN} /g {domain}/{username}:GA
dsacls {DN} /g {domain}/{machinename}$:GA
Regards.
- I am missing simplexml on my ubuntu machine but I can't download it
- How can I get the number of CPU cores in Powershell?
- How to convert String System Object into a Byte System Array in powershell?
- CD command in batch file does not work in PowerShell
- Run a .cmd file through PowerShell
- Powershell break a long array into a array of array with length of N in one line?
- On Windows what is the difference between Git Bash vs Windows Power Shell vs Command prompt
- Applying ACL Permissions using PowerShell Set-Acl
- Strange characters found in XML file and PowerShell output after exporting from Excel: ​
- (Powershell) Catch "Get-WinEvent : No events were found" Get-WinEvent
- A few groups in my ad are not found by the following script
- Adding default parameter to Powershell Core script
- How to change language/region and speech in Windows 10 with Powershell script
- Graph Powershell adding a user to PIM for a privileged security group
- Error while copying Azure Storage table from one Storage to another storage table using Powershell script
- Powershell "special" switch parameter
- In PowerShell, how do I define a function in a file and call it from the PowerShell commandline?
- remove the first character of each .txt file with Powershell
- Calling a C# delegate and then handling a callback in powershell
- How to prevent flickering caused by cls in a batch script?
- How can I replace newlines using PowerShell?
- Get-Printer Powershell script still showing columns even though they are excluded
- Is it secure to use a password argument in a Windows command?
- Read 'Attribute & Claims' from SAML Entra application configuration using PowerShell
- powershell: Getting path error while replacing json file
- Powershell - Install Windows Updates?
- How to select files that have no extension using powershell
- How do I use Get-ChildItem to return files that don't have an extension?
- See the docstring of my function with Visual Studio Code
- Azure KeyVault Secret near expiry list to email as a notification