I work on an evaluation project of PMP. We have the situation where we have multiple AD domains, which are not related to each other. I would like to have one instance of PMP, which can reset passwords on all domains but without using an agent.
My installation is running on Windows Server 2003, and I'm running PMP 6.1 (evaluation). The server is part of an AD domain (vdc1.local - LOCAL). I can verify passwords against AD in this domain.
I've added another resource pointing to a domain controller in another domain (noc.local - NOC). In this resource I can't verify a password. I do see communication on TCP port 389 (LDAP) to the domain controller. I furthermore see information logged in C:\Program Files\PMP\logs\native_log.txt:
[22:59:30 07/22/09 .\src\ADNativeUtils.cpp 246]::ADPath : LDAP://1.2.3.4:389/CN=Administrator,CN=Users,DC=noc,DC=local
[22:59:30 07/22/09 .\src\ADNativeUtils.cpp 247]::ADuserName : ndrimmelen
[22:59:30 07/22/09 .\src\ADNativeUtils.cpp 266]::Failed to get the domain object 8007202a
PMP is connected to the first AD. Authentication is done via AD.
Now my questions:
1. How does the mechanism work? Error code 8007202a seems to mean: The authentication mechanism is unknown... but I don't know how PMP is trying to connect (obviously via LDAP) or which credentials are used?
2. I noticed LDAP is used without SSL; is there a way to force SSL use?
3. When I define the resource, I use the Windows Domain resource type, which means I have to enter something in the domain field. Would that be the NetBIOS name, or the DNS name? (NOC vs. noc.local)
Many thanks for any help,
Niels