How do you use multiple domains with one service account?
SMOD uses one service account for all access to Active Directory. SMOD also supports the use of multiple domains. To use SMOD with multiple domains, the SMOD service account must have the correct privilege levels in all the domains that are listed in Domain Management. Generally, this means that a transitive trust relationship exists between the SMOD service account's domain and each other domain being used, and that the SMOD service account is a member of each other domain's Domain Admins group or another privileged group that gives the service account appropriate rights in that domain.
Where is the SMOD service account information stored?
The SMOD service account information is stored using 128-bit encryption in SMOD proprietary configuration files.
Can I make my own category XML files?
Yes. Category XML files can be both created and edited outside of the SMOD admin interface. IIS should be restarted whenever this is done. It is, however, recommended that the SMOD admin interface be used.
Does SMOD support SSL?
Yes, SMOD fully supports SSL, so information can be sent securely encrypted over the wire.
What happens if I add an attribute that does not exist in my Active Directory?
The SMOD application performs a schema enumeration when the application is invoked for the first time after an IIS restart. At this time, all attributes that are enumerated are compared to the attributes in the Category XML files. If an attribute is defined in the Category XML files but does not exist in any of the domains, the attribute is discarded and ignored.
What if an attribute exists in one domain but not in another domain?
SMOD keeps track of attributes on a domain-by-domain basis. If an attribute does not exist in a domain and a user from that domain logs in, the attribute will not be shown to that user.
What happens if an attribute is read-only or system generated?
The attribute should be defined as read-only when the admin configures the attribute through the SMOD admin interface. If, however, this is misconfigured and users try to write the attribute, an error message will be displayed to the user, since the write to Active Directory will fail.