ms-DS-Repl-Authentication-Mode attribute

The ms-DS-Repl-Authentication-Mode attribute is used to specify which authentication method is used to authenticate replication partners. This attribute applies to the configuration partition of an ADAM instance.

The following values are the possible values for this attribute.

Value	Authentication method	Description
0	Negotiated pass-through	All ADAM instances in the configuration set use an identical account name and password as the ADAM service account.
1	Negotiated	Kerberos authentication (using SPNs) is attempted first. If Kerberos fails, NTLM authentication is attempted. If NTLM fails, the ADAM instances will not replicate.
2	Mutual authentication with Kerberos	Kerberos authentication, using service principal names (SPNs), is required. If Kerberos authentication fails, the ADAM instances will not replicate.

The following table contains the programmatic identifiers for the values of this attribute.

Value	Identifier (from Ntdsapi.h)
0	ADAM_REPL_AUTHENTICATION_MODE_NEGOTIATE_PASS_THROUGH
1	ADAM_REPL_AUTHENTICATION_MODE_NEGOTIATE
2	ADAM_REPL_AUTHENTICATION_MODE_MUTUAL_AUTH_REQUIRED

Entry	Value
CN	ms-DS-Repl-Authentication-Mode
Ldap-Display-Name	msDS-ReplAuthenticationMode
Size	-
Update Privilege	-
Update Frequency	-
Attribute-Id	1.2.840.113556.1.4.1861
System-Id-Guid	6e124d4f-1a3f-4cc6-8e09-4a54c81b1d50
Syntax	Enumeration

Implementations

• ADAM

ADAM

Entry	Value
Link-Id	-
MAPI-Id	-
System-Only	False
Is-Single-Valued	True
Is Indexed	False
In Global Catalog	False
NT-Security-Descriptor	O:BAG:BAD:S:
Range-Lower	-
Range-Upper	-
Search-Flags	0x00000000
System-Flags	0x00000010
Classes used in	Configuration