I am working with ADAM and have successfully set up a user using the Proxy Bind Redirection with AD, based on the MSFT step-by-step guide. Is anyone aware of how to set up the Proxy Bind for users in ADAM programmatically? I have written VBS scripts to set up non-binding users, OUs, set attributes, passwords, etc., but am not sure how to set up the proxy bind with scripts. Any advice is greatly appreciated. Thanks in advance!
Joe Kaplan - 28 Feb 2007 20:18 GMT
So, are you saying that you want to automate a process to create bindProxy
objects in ADAM pointing to AD resources? Typically, people use a tool like
ADAMSync to do this since it is usually not a one time load thing. Your AD
will evolve over time and you want to stay in sync.
However, if you just want to do this programmatically, the most important
part is to set the objectSid attribute on the bindProxy object to the SID of
the Windows user you want to proxy. The actual syntax will vary depending
on the API that you use. In .NET System.DirectoryServices, you get the SID
in binary format as a byte array and then set the objectSid attribute equal
to this byte array during the creation process before the first
CommitChanges call. It is similar in script, but I don't know how to
actually deal with byte arrays in script very well, so I'm not sure of the
syntax. Script would not be my first choice, although I'm also a .NET guy,
so I have a tendency to use it anyway. You did ask this question on a .NET
newsgroup. :)
You can also do this with LDIF files or the LDAP API or
System.DirectoryServices.Protocols, which is what I might elect to use,
depending on the other details.
Joe K.

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
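The .NET approach Joe describes, as an added example that is not code from the thread: read the AD user's objectSid as a byte array, create the proxy object in ADAM, and assign objectSid before the first CommitChanges. ADAM's schema name for the class is userProxy (the reply calls it bindProxy); the LDAP paths, host, port and CN are placeholders for your environment.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;

static class ProxyUserSetup
{
    // Creates an ADAM bind-redirection proxy for an existing AD user and
    // returns the SID (as S-1-5-... text) that was stored on the new object.
    public static string CreateBindProxy(string adamContainerPath,
                                         string adUserPath,
                                         string proxyCn)
    {
        byte[] sidBytes;
        using (var adUser = new DirectoryEntry(adUserPath))
        {
            // AD hands objectSid back as a binary blob (byte[]), not a string.
            sidBytes = (byte[])adUser.Properties["objectSid"].Value;
        }

        using (var container = new DirectoryEntry(adamContainerPath))
        {
            DirectoryEntry proxy = container.Children.Add("CN=" + proxyCn, "userProxy");
            // objectSid must be supplied while the object is being created,
            // i.e. before the first CommitChanges call.
            proxy.Properties["objectSid"].Value = sidBytes;
            proxy.CommitChanges();

            // Read back and decode what ADAM stored so the mapping can be checked
            // against the AD account before anyone relies on the proxy for bind.
            proxy.RefreshCache(new[] { "objectSid" });
            var stored = (byte[])proxy.Properties["objectSid"].Value;
            return new SecurityIdentifier(stored, 0).Value;
        }
    }

    static void Main()
    {
        // Placeholder paths: replace host, port and DNs with real values.
        string sid = CreateBindProxy(
            "LDAP://adam-host:389/OU=Proxies,O=ExampleApp",
            "LDAP://CN=Jane Doe,OU=Staff,DC=corp,DC=example,DC=com",
            "jane.doe");
        Console.WriteLine("Proxy created for SID " + sid);
    }
}
```

Compare the returned SID with the one on the AD account (for example from whoami /user or the AD object's objectSid) before handing the proxy over; a mismatch means binds through ADAM will land on the wrong Windows account.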
Rod Clingaman - 22 Mar 2007 16:07 GMT
I apologize for the delay, but I was not aware that a reply had existed. Thanks Joe for the reply! First I will explain my situation: We have a .Net app that will utilize ADAM. ADAM will bind to AD. Some of the users we will add directly into ADAM. Other users will be bound from AD. The AD may contain 50K users, and we want to bind maybe 1000 of them. In the MSFT doco, they talk about administrating ADAM Proxy objects programmatically using a tool that they supply called bindredirect.exe. However, I cannot find that application. In a nutshell, what I would like to accomplish is a way that the admins can set up the proxy users more efficiently than by doing them one-by-one as seen via the LDP app. Maybe I should investigate the ADAMsync tool for this.
On another similar topic, "ADAM and SSL", I cannot believe the trouble I am having getting this set up, especially since it seems like there's a lot of doco out there stating how others have had trouble, and they specified what they have done to make the steps easier to understand. I have still not succeeded with this. I complete all the steps and still get the following error in LDP:
ld = ldap_sslinit("FICTIONWDA001.FIC.DEV", 50053, 1)
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3)
Error 81 = ldap_connect(hLdap, NULL)
Server error: empty
Error 0x51: Fail to connect to FICTIONWDA001.FIC.DEV.
The other thing that puzzles me is that the MachineKeys directory that gets mentioned in every article never gets a new file when I install the certificates. There are 6 old files in there with long hash names. The server is 2003, and it also acts as a domain controller.
Any advice is greatly appreciated!
Joe Kaplan - 22 Mar 2007 17:27 GMT
If you need to create a bunch of bind proxy objects, I'd suggest looking at
a tool like ADAMSync, as it can also keep those accounts in sync for you.
Usually, it is the ongoing "churn" in your main directory that becomes the
big problem. You could do a one-time population of the bind proxies using
an LDIF file, but you probably won't want to deal with the changes by hand.
I'd suggest starting a new topic on ADAM SSL in
microsoft.public.windows.server.active_directory. There are more ADAM
"infrastructure" guys who hang out there who can help. It sounds to me like
you might be installing a certificate without installing the private key
with it. If you are importing the certificate and aren't using a p12 or pfx
file, then that's likely the problem. However, please do start a new thread
to discuss it over there.
Joe K.