Cool and no problem. Glad to help. :)

Once in FFL2[1] the bare minimum you have to set could be done with the
following:

dn: cn=dynamicuser,cn=users,dc=dom,dc=local
changetype: add
objectclass: user
objectclass: dynamicobject

That will create a user with a random sAMAccountName and userAccountControl
set to 546 (disabled with no password required) and no password set on the
account. The account would have a default TTL of the forest default which
would be 24 hours. You can specify a different value in seconds by setting
(or updating) the entryTTL attribute.

    joe


[1]  That is the mode for Windows Server 2003 Forest Functional Model which
guarantees all DCs in the forest are running at least Windows Server 2003
so would have the ability to handle dynamic objects properly (you don't
want objects disappearing from only some of the DCs in the forest when TTL
expires).


   joe



2011/11/28 Michael Ströder <[email protected]>

> Michael Ströder wrote:
> > Vladimir Dzhuvinov / NimbusDS wrote:
> >>> I'd like to do some more interop testing regarding dynamic entries (see RFC
> >>> 2589). Any servers except OpenLDAP with slapo-dds which support the Refresh
> >>> Extended Operation?
> >>
> >> Judging by the RFC sponsors it looks like MS Active Directory should
> >> have support for that.
> >
> > They seem to have the AUXILIARY object class dynamicObject in the schema (MS
> > AD and ADAM). It's referenced in a DIT content rule (sigh!). Anyway I could
> > not create a dynamic entry.
>
> Based on a hint (thanks Joe) I raised the forest functional level to 2 and now
> it worked also with Refresh Extended Operation.
>
> Ciao, Michael.
>
>
>


-- 
O'Reilly Active Directory Fourth Edition -
http://www.joeware.net/win/ad4e.htm
Blog: http://blog.joeware.net
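
Added example, not part of the original message or of any project's code: the RFC 2589 Refresh Extended Operation discussed in this thread carries a small BER-encoded value, and this Python sketch builds the request value for the dynamic entry from the LDIF above and decodes the TTL a server grants. The function names are hypothetical; the OID and ASN.1 layout are taken from RFC 2589, and the sample response bytes are constructed.

```python
# Added example: BER encoding for the RFC 2589 Refresh extended operation.
REFRESH_OID = "1.3.6.1.4.1.1466.101.119.1"  # request and response name per RFC 2589
MAX_TTL = 31557600                           # upper bound for TTL values in RFC 2589

def _ber_len(n):
    """Definite-form BER length octets (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, content):
    """One tag-length-value element."""
    return bytes([tag]) + _ber_len(len(content)) + content

def _ber_uint(value):
    """Minimal INTEGER content octets for a non-negative value (keeps the sign bit clear)."""
    return value.to_bytes(value.bit_length() // 8 + 1, "big")

def encode_refresh_request(entry_dn, ttl_seconds):
    """requestValue ::= SEQUENCE { entryName [0] LDAPDN, requestTtl [1] INTEGER }"""
    if not 1 <= ttl_seconds <= MAX_TTL:
        raise ValueError("requestTtl must be between 1 and 31557600 seconds")
    name = _tlv(0x80, entry_dn.encode("utf-8"))   # [0] implicit, primitive
    ttl = _tlv(0x81, _ber_uint(ttl_seconds))      # [1] implicit, primitive
    return _tlv(0x30, name + ttl)

def decode_refresh_response(value):
    """responseValue ::= SEQUENCE { responseTtl [1] INTEGER }; returns the granted TTL.

    Assumes short-form lengths, which always holds for a value this small.
    """
    if len(value) < 5 or value[0] != 0x30 or value[1] != len(value) - 2:
        raise ValueError("not a well-formed refresh response SEQUENCE")
    if value[2] != 0x81 or value[3] != len(value) - 4:
        raise ValueError("responseTtl [1] INTEGER missing or truncated")
    return int.from_bytes(value[4:], "big", signed=True)

if __name__ == "__main__":
    dn = "cn=dynamicuser,cn=users,dc=dom,dc=local"   # entry from the LDIF above
    print(REFRESH_OID, encode_refresh_request(dn, 86400).hex())
    # Constructed sample response value granting 86400 seconds (24 hours).
    print(decode_refresh_response(bytes.fromhex("30058103015180")))
```

The server may grant a TTL different from the one requested, so a client should act on the decoded responseTtl rather than on the value it sent.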
