XFOR: MCIS How to Change the Authentication Container (241815)

SUMMARY

Depending on the initial configuration of the Membership directory, user objects may have been created in peer containers to the OU=Members containers, rather than as sub-containers of OU=Members. For example, Joe User's distinguished name (DN) is cn=JoeUser, ou=SomeContainer, o=Organization rather than cn=JoeUser, ou=SomeContainer, ou=Members, o=Organization

In this case, the Membership Server instance cannot authenticate the user.

By default, the Membership Server instance authenticates using the OU=Members container and its subcontainers.

This behavior can be modified using the Pmadmin tool (from the Microsoft Site Server installation) or the Metaedit tool (from the Microsoft Internet Information System [IIS] Resource Kit).

Using the Pmadmin Tool

1. Determine the Membership instance ID. The ID represents the order of creation of the Membership Server instances beginning with 1 as the first instance.
2. Determine the container to be used for authentication. Note that the container name to be typed in the Pmadmin command should have the O=Organization part stripped.
3. Then, run Pmadmin:

   PMADMIN SET AUTHSVC /ID=Instance ID /BASEDN=Container name

4. You will be prompted to restart the Broker service. Type Yes in the dialog box.

Using the Metaedit Tool

1. Determine the Membership instance ID. The ID represents the order of creation of the Membership Server instances beginning with 1 as the first instance.
2. Determine the container to be used for authentication. Note that the container name to be typed into the Metaedit command should have the O=Organization part stripped.
3. Then, run Metaedit:
   1. Go to the \LM\BrokSvc\Instance ID\Configurations\Extension key.
   2. The property value with ID 108 represents the container name. Set the value of this property to Container Name.
4. You must manually restart the Site Server Authentication Service.