ms-DS-Repl-Authentication-Mode attribute

The ms-DS-Repl-Authentication-Mode attribute specifies which authentication method is used to authenticate replication partners. This attribute applies to the configuration partition of an ADAM instance.

This attribute can have the following values.

| Value | Authentication method | Description |
|-------|-----------------------|-------------|
| 0 | Negotiated pass-through | All ADAM instances in the configuration set use an identical account name and password as the ADAM service account. |
| 1 | Negotiated | Kerberos authentication (using SPNs) is attempted first. If Kerberos fails, NTLM authentication is attempted. If NTLM fails, the ADAM instances will not replicate. |
| 2 | Mutual authentication with Kerberos | Kerberos authentication, using service principal names (SPNs), is required. If Kerberos authentication fails, the ADAM instances will not replicate. |

The following table contains the programmatic identifiers for the values of this attribute.

| Value | Identifier (from Ntdsapi.h) |
|-------|-----------------------------|
| 0 | ADAM_REPL_AUTHENTICATION_MODE_NEGOTIATE_PASS_THROUGH |
| 1 | ADAM_REPL_AUTHENTICATION_MODE_NEGOTIATE |
| 2 | ADAM_REPL_AUTHENTICATION_MODE_MUTUAL_AUTH_REQUIRED |

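
As an added example (not code from this page or from Microsoft), the following Python script audits an LDIF export of a configuration set and reports, for each configuration partition head object, which identifier is set and whether Kerberos mutual authentication is required. It assumes the attribute is read from the object whose DN begins with CN=Configuration; the function names and the sample export are constructed for illustration.

```python
import base64
import re

# Values and identifiers as listed on this page; flag = Kerberos mutual auth required.
MODES = {
    0: ("ADAM_REPL_AUTHENTICATION_MODE_NEGOTIATE_PASS_THROUGH", False),
    1: ("ADAM_REPL_AUTHENTICATION_MODE_NEGOTIATE", False),
    2: ("ADAM_REPL_AUTHENTICATION_MODE_MUTUAL_AUTH_REQUIRED", True),
}
ATTR = "msds-replauthenticationmode"  # LDAP display name, lower-cased

# Constructed sample export; the GUID is a placeholder.
SAMPLE_LDIF = """\
dn: CN=Configuration,CN={00000000-0000-0000-0000-000000000000}
msDS-ReplAuthenticationMode: 1

dn: CN=Sites,CN=Configuration,
 CN={00000000-0000-0000-0000-000000000000}
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per LDIF record."""
    text = re.sub(r"\r?\n ", "", text)         # unfold continuation lines
    rec = {}
    for line in text.splitlines() + [""]:      # trailing "" flushes last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if rec:
                yield rec
            rec = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):              # "attr:: <base64>"
            value = base64.b64decode(value[1:]).decode("utf-8")
        rec.setdefault(name.lower(), []).append(value.strip())

def audit_repl_auth_mode(ldif_text):
    """Return (dn, identifier, kerberos_required) per configuration partition head."""
    findings = []
    for rec in parse_ldif(ldif_text):
        dn = rec.get("dn", [""])[0]
        if dn.lower().startswith("cn=configuration,"):  # assumed attribute location
            raw = rec.get(ATTR, [None])[0]
            mode = int(raw) if raw and raw.isdigit() else None
            # Unset or unrecognised values are reported as not Kerberos-only.
            name, strict = MODES.get(mode, (raw, False))
            findings.append((dn, name, strict))
    return findings
```

A result whose last field is `False` marks a configuration set where replication is not restricted to Kerberos mutual authentication: value 1 permits NTLM fallback and value 0 relies on identical service account credentials.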
Entry Value
CN ms-DS-Repl-Authentication-Mode
Ldap-Display-Name msDS-ReplAuthenticationMode
Size -
Update Privilege -
Update Frequency -
Attribute-Id 1.2.840.113556.1.4.1861
System-Id-Guid 6e124d4f-1a3f-4cc6-8e09-4a54c81b1d50
Syntax Enumeration

Implementations

ADAM

Entry Value
Link-Id -
MAPI-Id -
System-Only False
Is-Single-Valued True
Is Indexed False
In Global Catalog False
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower -
Range-Upper -
Search-Flags 0x00000000
System-Flags 0x00000010
Classes used in Configuration