Understanding Proxy Authentication with multiple domains in AD LDS

Understanding Proxy Authentication with multiple domains in Active Directory LDS


What is Proxy Authentication?

Proxy Authentication allows a user to authenticate against an AD LDS instance while using the password that is stored in Active Directory. In AD LDS you can use AdamSync.exe to create a UserProxy or UserProxyFull object in AD LDS. The Proxy object in AD LDS looks like a traditional user object however it does not have a password stored on it. When an application is pointed to the AD LDS instance and tries to authenticate the AD LDS server pass the SID and password to the domain controller to verify the credentials are correct.


Proxy Authentication with Multiple Domains

ADMT Unable to create or merge object

Problem:

Recently i was migrating a large group of user accounts from one domain to another and the ADMT tool crashed on me unexpectedly. When i restarted the tool one of the accounts gave me the following error "2014-07-01 09:40:15 WRN1:7665 Unable to create or merge object 'CN=John Doe,OU=Users,DC=Domain,DC=com' as another instance of ADMT is currently creating or merging the same object." After searching online i figured out the following steps to resolve this issue.

Resolution: