1

What is the difference between an Active Directory object with an ObjectClass of UserProxy and an ObjectClass of User? Does an application binding against these objects need to do so differently in any way?

Most of my Google searches for UserProxy refer to "ActiveDirectory Application Mode (ADAM)". Is UserProxy specific to ADAM?

Thanks.

Sam

1 Answer

3

Yes, userProxy is specific to ADAM/LDS and is just an object of the user class containing the ms-DS-Bind-Proxy auxiliary class and no password.

When a user matching a userProxy object in an ADAM/LDS partition is authenticated using a simple bind, the request is proxied to an Active Directory partition containing the actual user object. Thus, the userProxy object's objectSID has to match the SID of an existing enabled user object in an Active Directory partition that the ADAM/LDS partition can proxy requests to.

That way an ADAM/LDS application can authenticate AD users without storing/caching passwords.
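An audit of the SID mapping described in the answer above, as an added example that is not part of the original answer: it lists every userProxy object in an LDS partition and checks that its objectSID resolves to an existing, enabled AD user. The server names and partition DN are placeholders, and it assumes the ActiveDirectory PowerShell module (RSAT) and read access to both directories.

```powershell
# Added example (not from the original answer). Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Test-UserProxyMapping {
    param(
        [Parameter(Mandatory)] [string] $LdsServer,     # LDS instance as host:port
        [Parameter(Mandatory)] [string] $LdsPartition,  # DN of the LDS application partition
        [Parameter(Mandatory)] [string] $AdServer       # DC for the domain that holds the real users
    )

    # userProxy objects carry the SID of the AD user that simple binds are redirected to.
    $proxies = Get-ADObject -Server $LdsServer -SearchBase $LdsPartition `
        -LDAPFilter '(objectClass=userProxy)' -Properties objectSid

    foreach ($proxy in $proxies) {
        # objectSid may be returned as a SecurityIdentifier or as raw bytes; normalise it.
        $sid = $proxy.objectSid
        if ($sid -is [byte[]]) {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($sid, 0)
        }

        $status = 'OK'
        try {
            $adUser = Get-ADUser -Server $AdServer -Identity $sid.Value `
                -Properties Enabled -ErrorAction Stop
            if (-not $adUser.Enabled) { $status = 'AD user is disabled' }
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            $status = 'No AD user with this SID'
        }
        catch {
            $status = "Lookup failed: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            UserProxy = $proxy.DistinguishedName
            Sid       = $sid.Value
            Status    = $status
        }
    }
}

# Placeholder values; replace with your own LDS instance, partition and domain controller.
Test-UserProxyMapping -LdsServer 'lds01.example.test:389' `
    -LdsPartition 'CN=App,DC=example,DC=test' -AdServer 'dc01.example.test' |
    Where-Object Status -ne 'OK' | Format-Table -AutoSize
```

Any row that is reported is a userProxy whose simple bind cannot succeed as the answer describes, either because the AD account is missing or because it is disabled.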