Last post Jun 25, 2009 10:08 AM by TomRob
Jun 25, 2009 10:08 AM|TomRob|LINK
it would be nice if someone could help me get on the right track, as I'm new to AD development.
We have a technical AD user on a host that we use to write to Exchange on that machine.
The problem is that in the audit log we only see the technical user, not the client who made changes (For instance, "last change" when
creating a contact in Outlook)
We also have an application server (i'm hoping I can treat it as relay) sitting in between so the setup is:
AD <-> Exchange <-> AppServer <-> Client
("<->" represents network connection)
The client app is logged in at the AD machine with Kerberos, so I can get a valid Token.
The technical user lives on the Exchange side.
Could I simply marshal the WindowsIdentity from the client to the AD server, and then Impersonate there?
Or would I need to use AD delegation?
I thought about an even simpler solution, if possible. Could the technical user not just change access attributes?
What do you think? Thanks for your opinions!