Active Directory Application Mode (ADAM)
Summary of Active Directory Application Mode (ADAM)
Active Directory Application Mode (ADAM) is a Lightweight Directory Access Protocol (LDAP)-compliant directory service designed for flexibility and customization. It requires administrator permissions and a foundational understanding of Microsoft Windows Server and Active Directory for effective setup and management.
Key Features
- Service Integration: ADAM operates as a Windows service and can be utilized as either a stand-alone LDAP directory or an application component.
- Compatibility: It supports various Windows operating systems, including Windows XP, 2000, 2003, and 2008, and is integrated into Windows Server 2003 R2 and later versions.
- Security Management: Security policies can restrict external connections to the Active Directory Domain Controller, allowing ADAM to block access to certain objects and attributes as needed.
- Consolidated Source: ADAM can serve as a central source for LDAP imports and authentications, easing the management of multiple domains and forests.
Key Outcomes
Implementing ADAM can simplify directory services management while supporting enhanced security and integration with existing Active Directory environments. Familiarity with AD object structures and delegation strategies is essential for a successful configuration, especially when using userProxy objects for authentication. Collaboration with an AD administrator is advised for those new to AD or ADAM.
Active Directory Application Mode (ADAM) is a Lightweight Directory Access Protocol (LDAP)-compliant directory service.
These are sample procedures. Due to installation and environment variations, we cannot offer direct support. We recommend working with a Microsoft consultant.
ADAM has a simple install and runs as a service on Windows operating systems. It can be fully customized and distributed as an application component or used as a stand-alone LDAP directory. ADAM uses the same technologies found on Active Directory Domain Controllers (including replication and delegation features) and has its own administration and customization features. ADAM can be installed on Windows XP, 2000, 2003, and 2008 operating systems. ADAM is included as part of Windows Server 2003 R2 and Windows Server 2008. A download is available at http://www.microsoft.com/downloads for earlier operating systems.
Security
Some company security policies prohibit external vendors and partners from connecting directly to an Active Directory (AD) Domain Controller. If exposing certain AD objects or attributes to an external vendor or partner is prohibited, access to those objects and attributes can be blocked using access control entries (ACEs) in AD access control lists (ACLs). Depending on security requirements, this method can make the integration more complex. Consolidating multiple domains and forests is recommended. If all LDAP imports and authentications need to be channeled through a single source, ADAM can be used as a consolidated source. With the release of Windows Server 2008, this functionality was renamed Lightweight Directory Services (LDS). Installation and configuration are similar to Windows Server 2003 R2.
Recommended Knowledge
For this task, you must understand AD, object classes, and attributes. For a successful integration, you need to know the current AD object structure, be familiar with Active Directory delegations, and have a strategy for how ADAM will be used and for what purposes. If you are not familiar with AD or ADAM, work with your AD administrator to configure a new ADAM environment.
Trusts
If userProxy objects are used, the computer hosting ADAM needs to be a member of the domain that has the AD accounts, or a member of a trusted domain.
Internal Connectivity
If userProxy objects are used, the ADAM computer must be able to connect to the related Domain Controllers to perform proxy authentication.
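
The Trusts and Internal Connectivity requirements above can be checked on the ADAM host before userProxy objects are created. The following preflight script is an added example, not part of the original procedure. It assumes Windows PowerShell run on the ADAM host; the function names `Test-TcpPort` and `Test-AdamProxyPrereqs` are hypothetical, and the port list (389 for LDAP, 88 for Kerberos) is an assumption to adjust to your environment.

```powershell
# Added example (not from the original page): preflight for an ADAM/AD LDS host
# that will use userProxy objects. Run in Windows PowerShell on that host.
Add-Type -AssemblyName System.DirectoryServices

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Test-AdamProxyPrereqs {
    param(
        [string]$AccountDomain,        # domain holding the AD accounts; default: this host's domain
        [int[]]$Ports = @(389, 88)     # assumption: LDAP and Kerberos; adjust as needed
    )
    # Trusts requirement: the host must be a domain member.
    $cs = Get-WmiObject -Class Win32_ComputerSystem
    New-Object PSObject -Property @{ Check = 'Domain member'; Target = $cs.Domain; Passed = [bool]$cs.PartOfDomain }
    if (-not $cs.PartOfDomain) { return }

    # Secure channel between this computer account and its own domain.
    $sc = $false
    try { $sc = [bool](Test-ComputerSecureChannel -ErrorAction Stop) } catch { }
    New-Object PSObject -Property @{ Check = 'Secure channel'; Target = $cs.Domain; Passed = $sc }

    # Internal Connectivity requirement: reach the Domain Controllers of the account domain.
    if (-not $AccountDomain) { $AccountDomain = $cs.Domain }
    try {
        $type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
        $ctx  = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext($type, $AccountDomain)
        $dcs  = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx).DomainControllers
    } catch {
        New-Object PSObject -Property @{ Check = 'Locate domain'; Target = $AccountDomain; Passed = $false }
        return
    }
    foreach ($dc in $dcs) {
        foreach ($port in $Ports) {
            $open = Test-TcpPort -HostName $dc.Name -Port $port
            New-Object PSObject -Property @{ Check = "TCP $port"; Target = $dc.Name; Passed = $open }
        }
    }
}

Test-AdamProxyPrereqs | Format-Table Check, Target, Passed -AutoSize
```

If the AD accounts live in a trusted domain rather than the host's own domain, pass that domain's DNS name with `-AccountDomain`. A failed `Locate domain` row then indicates the trust or name resolution should be reviewed with the AD administrator.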