Active Directory Application Mode (ADAM)
Summarize
Summary of Active Directory Application Mode (ADAM)
Active Directory Application Mode (ADAM) is an LDAP-compliant directory service designed for Windows operating systems, requiring a basic understanding of Microsoft Windows Server and Active Directory. It operates as a Windows service and can be customized for applications or used as a standalone LDAP directory.
Show less
Key Features
- Simple installation with support for Windows XP, 2000, 2003, and 2008.
- Utilizes technologies from Active Directory Domain Controllers, including replication and delegation.
- Allows for customized administration and configuration.
- Integration of ADAM with security policies, managing access control to AD objects using Access Control Entries (ACE or ACL).
- Consolidation of multiple domains and forests for streamlined LDAP imports and authentications.
Key Outcomes
By implementing ADAM, customers can effectively manage directory services while adhering to security policies. It enables the integration of external vendors without exposing sensitive AD attributes directly. Customers should be knowledgeable about Active Directory structures and delegations to ensure a successful integration and configuration of ADAM.
Active Directory Application Mode (ADAM) is an Lightweight Directory Access Protocol (LDAP)-compliant directory service.
These are sample procedures. Due to installation and environment variations, we cannot offer direct support. We recommend working with a Microsoft consultant.
ADAM has a simple install and runs as a service on Windows operating systems. It can be fully customized and distributed as an application component or used as a stand-alone LDAP directory. ADAM uses the same technologies found on Active Directory Domain Controllers (including replication and delegation features) and has its own administration and customization features. It can be run as a Windows service. ADAM can be installed on Windows XP, 2000, 2003, and 2008 operating systems. ADAM is included as part of Windows Server 2003 R2 and Windows Server 2008. A download is available at http://www.microsoft.com/downloadshttp://www.microsoft.com/downloads for earlier operating systems.
Security
Some company security policies prohibit external vendors and partners from connecting directly to an Active Directory (AD) Domain Controller. If exposing certain AD objects or attributes to an external vendor or partner is prohibited, access to objects and attributes can be blocked using AD Security Access Control Entries (ACE or ACL). Depending on security requirements, this method can introduce complexity in the integration. Consolidating multiple domains and forests is recommended. If all LDAP imports and authentications need to be channeled through a single source, ADAM can be used as a consolidated source. With the release of Windows 2008 this functionality has been renamed to Light-Weight-Directory Service, LDS. Installation and configuration is similar to Windows Server 2003 R2.
Recommended Knowledge
For this task, you must understand AD, object classes and attributes. To have a successful integration, you need to be knowledgeable of the current AD object structure, familiar with Active Directory delegations, and have a strategy on how to use ADAM and for what purposes. If you are not familiar with AD or ADAM, work with your AD administrator to configure a new ADAM environment.
Trusts
If userProxy objects is used, the computer hosting ADAM needs to be a member of the domain that has the AD accounts, or a member of a trusted domain.
Internal Connectivity
If userProxy objects is used, the ADAM computer must be able to connect to the related Domain Controllers to perform proxy authentication.