Thread: Joining a Domain

  1. #1
    mesbaba8 (Junior Member, joined Jun 2007, 5 posts)

    Joining a Domain

    Hi,

    I've a running Windows domain environment, Windows 2008 server as PDC.
    Is it possible for Zimbra to join that domain?
    Or some other workaround, for some integration of passwords/accounts etc.?

  2. #2
    phoenix (Zimbra Consultant & Moderator, Vannes, France; joined Sep 2005, 23,492 posts)

    Originally posted by mesbaba8:
        I've a running Windows domain environment, Windows 2008 server as PDC.
        Is it possible for Zimbra to join that domain?
        Or some other workaround, for some integration of passwords/accounts etc.?

    I presume you mean authenticate users against another external (LDAP) server? Did you search the forums and wiki or read the Admin Guide about this type of functionality?
    Regards


    Bill



  3. #3
    mesbaba8 (Junior Member)

    Yes, but I guess I have to create accounts both on Windows and Zimbra for this to work.

    I mean if I create users for Zimbra, the integration does not mean much for me, because clients are using POP3 mostly, Outlook configured once only.

  4. #4
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by mesbaba8:
        Yes, but I guess I have to create accounts both on Windows and Zimbra for this to work.

    Yes, that's correct but don't the users already exist on your AD Domain? If they don't then what's the point of using any other external authentication?
    Regards


    Bill



  5. #5
    bofh (Elite Member, joined May 2010, 272 posts)

    All right, a little insight into Active Directory.

    Normally you always have to make an AD user and then a user / right within the server product you wanna use (like MS SQL Server).
    The only exceptions are Remote Desktop Services and other built-ins...

    Anyway, usually there are 2 parts: first the authentication data - that's the AD user - second the specific product-related data like Exchange, SQL or whatever (not app data but configs, users and stuff).

    Some products store all of them in the AD and you can use its benefits like replication - some store their configs in their own format or LDAP.

    So I'll make an example with MS SQL Server and compare it to the Zimbra integration.

    Both can use AD for authentication but don't have to.
    Both store their specific config in their own storage - Zimbra in its own LDAP, MS SQL in its databases.
    In both cases you have to make an AD user and then an SQL/Zimbra user later - or in both cases you can make a native user without AD.

    In both cases the only benefit is that authentication is centrally managed by AD (passwords and stuff).

    The only difference is MS SQL has an MMC interface, Zimbra has its own.

    ---

    So the point is, Zimbra ADS integration doesn't give you less benefit than most products for Windows Server would.

    I think you may have hoped for something where you could manage everything in the user from the user panel.

    Well, this is only possible for a few Microsoft products - and while it sounds nice - it isn't, because it comes with a big drawback.

    When you have to upgrade your forest you easily crash everything because of those services - the more very integrated AD products you have, the harder and riskier an upgrade can be.

    In Zimbra you have the advantage that everything is in its own LDAP while only authentication is done by the AD.

    It may sound less integrated but it's better that way.
    The Microsoft experiment with everything managed by AD wasn't their brightest idea ever
    - sure it sounds nice, only one thing you have to replicate, everything managed in one directory - easy trusts... but make an upgrade and you see the truth.

    So authentication itself is already a good benefit - what else on the integration part do you really need more?

    And there's a reason why Oracle or MS SQL don't offer much more integration themselves than Zimbra does.

    BTW you really have to use IMAP - users may never see their spam if you don't and cannot train it.

    ---
    Bottom line, benefits of AD integration:
    Only one user table - only one password each.
    Users can change their password either in Zimbra or on a Windows machine or by an AD admin and have it applied to both the Windows and Zimbra world.

    You can force users to change their passwords more easily (like every 6 months they have to, which is a good idea).
    You have to maintain only one table - so if you have to lock a user you don't have to look in several admin panels to lock him out everywhere.

    In case of a hack attempt he will be locked out everywhere, which is more security.

    So yes, it has benefits and it is not a bad idea to do it - and not really hard either.
    Last edited by bofh; 04-24-2012 at 10:50 PM.

  6. #6
    mesbaba8 (Junior Member)

    Thank you sir, for your time.
    I actually was looking for user creation/deletion via AD, but I think you are right.

    For the POP3/IMAP, I know the drawbacks, but the more disk usage on server == the harder to have backup.

    It took 10 hours the last time I copied the Zimbra directory to /backups.

  7. #7
    bofh (Elite Member)

    lol, and you think making no backups makes that better?
    Because this is basically what you do now.

    All your clients download via POP3, and then?
    Who is backing up the client PCs?

    Sure, the probability of a total fail is lower that way, but very high chances of a little data loss once in a while.

    BTW adjust the backup and you need only a few minutes to back up Zimbra no matter how big the total size is, just a thing of how to do it.

    And before you ask, there are several threads about this, all answers are there.

    PPS: about the user creation - you could script something together with PowerShell.
    A simple batch should be possible to make an AD and Zimbra user - anyway, what you want can't be done with Windows on-board tools, that's not the way AD was designed.
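
Added example (not part of the thread, and not Zimbra's or any poster's code): one way to build the sync script suggested in post #7, which also covers the "lock a user in one place" point from post #5. It is written in Python rather than PowerShell so it can run on the Zimbra host; the AD export shape, the `example.com` domain and the `plan_sync` name are assumptions, and it only produces `zmprov` command lines for an admin to review.

```python
import secrets
import shlex

UF_ACCOUNTDISABLE = 0x0002  # userAccountControl flag: account disabled in AD

# Constructed sample data (assumed export shapes, not from the thread).
AD_USERS = [
    {"sAMAccountName": "alice", "userAccountControl": 512},  # enabled
    {"sAMAccountName": "bob", "userAccountControl": 514},    # 512 | 2: disabled
    {"sAMAccountName": "carol", "userAccountControl": 512},  # enabled, no mailbox
]
ZIMBRA_ACCOUNTS = {  # address -> zimbraAccountStatus
    "alice@example.com": "active",
    "bob@example.com": "active",
    "dave@example.com": "active",  # no AD user behind this mailbox
}


def plan_sync(ad_users, zimbra_accounts, mail_domain):
    """Return (zmprov command lines, orphaned mailboxes) for an admin to review."""
    commands, seen = [], set()
    for user in ad_users:
        addr = f"{user['sAMAccountName'].lower()}@{mail_domain}"
        seen.add(addr)
        disabled = bool(user["userAccountControl"] & UF_ACCOUNTDISABLE)
        status = zimbra_accounts.get(addr)
        if status is None and not disabled:
            # Random local password nobody knows: logins are meant to go
            # through AD authentication, never the local Zimbra password.
            local_pw = secrets.token_urlsafe(24)
            commands.append(f"zmprov ca {shlex.quote(addr)} {shlex.quote(local_pw)}")
        elif disabled and status == "active":
            # Disabled in AD: lock the mailbox too (POP3/IMAP included).
            commands.append(
                f"zmprov ma {shlex.quote(addr)} zimbraAccountStatus locked")
    # Mailboxes without an AD user are reported, never deleted automatically:
    # Zimbra's own system accounts would show up here as well.
    orphans = sorted(a for a in zimbra_accounts if a not in seen)
    return commands, orphans


if __name__ == "__main__":
    cmds, orphans = plan_sync(AD_USERS, ZIMBRA_ACCOUNTS, "example.com")
    print("\n".join(cmds))
    print("review manually:", ", ".join(orphans))
```

Accounts already closed or locked in Zimbra are left alone, so a deliberate admin action on the mail side is never loosened by the sync.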
