Active Directory Application Mode (ADAM)

  • Release version: Yokohama
  • Updated January 30, 2025

    Active Directory Application Mode (ADAM) is a Lightweight Directory Access Protocol (LDAP)-compliant directory service.

    Note:
    A basic understanding of Microsoft Windows Server and Active Directory is needed for this topic. You must also have administrator permissions on the server you are configuring for ADAM.

    These are sample procedures. Due to installation and environment variations, we cannot offer direct support. We recommend working with a Microsoft consultant.

    ADAM is simple to install and runs as a service on Windows operating systems. It can be fully customized and distributed as an application component or used as a stand-alone LDAP directory. ADAM uses the same technologies found on Active Directory Domain Controllers (including replication and delegation features) and has its own administration and customization features. ADAM can be installed on Windows XP, 2000, 2003, and 2008 operating systems. ADAM is included as part of Windows Server 2003 R2 and Windows Server 2008. A download is available at http://www.microsoft.com/downloads for earlier operating systems.

    Security

    Some company security policies prohibit external vendors and partners from connecting directly to an Active Directory (AD) Domain Controller. If exposing certain AD objects or attributes to an external vendor or partner is prohibited, access to those objects and attributes can be blocked using AD Security Access Control Entries (ACE or ACL). Depending on security requirements, this method can add complexity to the integration. Consolidating multiple domains and forests is recommended. If all LDAP imports and authentications need to be channeled through a single source, ADAM can be used as a consolidated source. With the release of Windows 2008, this functionality was renamed to Lightweight Directory Services (LDS). Installation and configuration are similar to Windows Server 2003 R2.

    Recommended Knowledge

    For this task, you must understand AD, object classes, and attributes. For a successful integration, you need to be knowledgeable about the current AD object structure, be familiar with Active Directory delegations, and have a strategy for how to use ADAM and for what purposes. If you are not familiar with AD or ADAM, work with your AD administrator to configure a new ADAM environment.

    Trusts

    If userProxy objects are used, the computer hosting ADAM needs to be a member of the domain that has the AD accounts, or a member of a trusted domain.

    Internal Connectivity

    If userProxy objects are used, the ADAM computer must be able to connect to the related Domain Controllers to perform proxy authentication.
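
A pre-flight check for the two userProxy requirements above (domain or trusted-domain membership, and connectivity to the Domain Controllers), added here as an example and not part of the original documentation. The domain name `corp.example.com` and the port list are assumptions to replace with your own values, and the script assumes a Windows version that ships `Get-CimInstance` and `Test-NetConnection`.

```powershell
# Added example: pre-flight check for an ADAM/LDS host that will use userProxy objects.
param(
    [string]$AccountDomain = 'corp.example.com',  # hypothetical: domain that holds the AD accounts
    [int[]]$Ports = @(88, 389, 445)               # assumed: Kerberos, LDAP, SMB; match your own policy
)
Add-Type -AssemblyName System.DirectoryServices

# 1. Trusts: the host must be a member of the account domain or of a domain that trusts it.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "Host is in workgroup '$($cs.Domain)', not a domain; userProxy binds cannot be forwarded to AD."
}
$hostDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
if ($hostDomain.Name -ne $AccountDomain) {
    # Only trusts defined directly on the host's domain are listed here; forest-level
    # or transitive trusts need a separate check, so report this as a warning.
    $trust = $hostDomain.GetAllTrustRelationships() |
        Where-Object { $_.TargetName -eq $AccountDomain -and $_.TrustDirection -ne 'Inbound' }
    if ($trust) {
        Write-Output "Trust found: $($hostDomain.Name) -> $AccountDomain ($($trust.TrustDirection))"
    } else {
        Write-Warning "No direct trust from $($hostDomain.Name) to $AccountDomain was found."
    }
}

# 2. Internal connectivity: every discoverable DC of the account domain should answer.
$ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $AccountDomain)
$dcs = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ctx).FindAllDiscoverableDomainControllers()
$results = foreach ($dc in $dcs) {
    foreach ($port in $Ports) {
        $probe = Test-NetConnection -ComputerName $dc.Name -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{ DomainController = $dc.Name; Port = $port; Reachable = $probe.TcpTestSucceeded }
    }
}
$results | Format-Table -AutoSize
if (@($results | Where-Object { -not $_.Reachable }).Count -gt 0) {
    Write-Warning 'At least one Domain Controller port is unreachable; proxy authentication may fail.'
}
```

Run it on the computer that hosts ADAM, under an account allowed to query the account domain.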