Active Directory Application Mode (ADAM)

  • Release version: Zurich
  • Updated July 31, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Active Directory Application Mode (ADAM)

    Active Directory Application Mode (ADAM) is an LDAP-compliant directory service that runs as a Windows service and offers a customizable, standalone LDAP directory solution. It uses core Active Directory technologies such as replication and delegation but operates independently from Active Directory Domain Controllers. ADAM supports Windows XP, 2000, 2003, and 2008 operating systems and is included in Windows Server 2003 R2 and 2008. For earlier systems, ADAM can be downloaded separately.


    Key Features

    • Lightweight and Customizable: ADAM is a lightweight LDAP directory that can be fully customized and distributed as an application component.
    • Security and Access Control: It allows control over object and attribute exposure using AD security Access Control Entries (ACE/ACL), helping to meet company security policies that restrict external vendor access to Active Directory Domain Controllers.
    • Consolidation and Integration: ADAM can serve as a consolidated LDAP source for imports and authentication, simplifying integration when multiple domains and forests exist.
    • Trust and Connectivity Requirements: When using userProxy objects, the ADAM host must be a domain member or belong to a trusted domain and maintain connectivity with Domain Controllers for proxy authentication.
    • Windows 2008 Update: In Windows Server 2008, ADAM functionality is renamed to Lightweight Directory Service (LDS), with similar installation and configuration.

    Practical Considerations for ServiceNow Customers

    • Administrator Permissions Required: Ensure you have administrator rights on the server you are configuring for ADAM.
    • AD Knowledge Needed: A solid understanding of Active Directory, including object classes, attributes, and delegation, is essential for successful ADAM integration.
    • Collaboration with AD Administrators: If unfamiliar with AD or ADAM, collaborate with your AD administrator to plan and configure ADAM appropriately.
    • Security Compliance: Use ADAM to maintain security policies that prevent direct external access to AD Domain Controllers, protecting sensitive directory data during vendor or partner integrations.

    Expected Outcomes

    By implementing ADAM, ServiceNow customers can securely expose selected directory data to external applications or partners without compromising their primary Active Directory environment. ADAM enables flexible, lightweight LDAP services that support complex integration scenarios, while adhering to security policies and maintaining connection requirements for proxy authentication. This results in improved security posture and streamlined directory integration processes.

    Active Directory Application Mode (ADAM) is a Lightweight Directory Access Protocol (LDAP)-compliant directory service.

    Note:
    A basic understanding of Microsoft Windows Server and Active Directory is needed for this topic. You must also have administrator permissions on the server you are configuring for ADAM.

    These are sample procedures. Due to installation and environment variations, we cannot offer direct support. We recommend working with a Microsoft consultant.

    ADAM has a simple install and runs as a service on Windows operating systems. It can be fully customized and distributed as an application component or used as a stand-alone LDAP directory. ADAM uses the same technologies found on Active Directory Domain Controllers (including replication and delegation features) and has its own administration and customization features. ADAM can be installed on Windows XP, 2000, 2003, and 2008 operating systems. ADAM is included as part of Windows Server 2003 R2 and Windows Server 2008. A download is available at http://www.microsoft.com/downloads for earlier operating systems.

    Security

    Some company security policies prohibit external vendors and partners from connecting directly to an Active Directory (AD) Domain Controller. If exposing certain AD objects or attributes to an external vendor or partner is prohibited, access to those objects and attributes can be blocked using AD security access control entries (ACEs) in access control lists (ACLs). Depending on security requirements, this method can add complexity to the integration. Consolidating multiple domains and forests is recommended. If all LDAP imports and authentications need to be channeled through a single source, ADAM can be used as that consolidated source. With the release of Windows Server 2008, this functionality was renamed Lightweight Directory Service (LDS). Installation and configuration are similar to Windows Server 2003 R2.

    Recommended Knowledge

    For this task, you must understand AD, object classes, and attributes. For a successful integration, you need to know the current AD object structure, be familiar with Active Directory delegation, and have a strategy for how ADAM will be used and for what purposes. If you are not familiar with AD or ADAM, work with your AD administrator to configure a new ADAM environment.

    Trusts

    If userProxy objects are used, the computer hosting ADAM needs to be a member of the domain that has the AD accounts, or a member of a trusted domain.

    Internal Connectivity

    If userProxy objects are used, the ADAM computer must be able to connect to the related Domain Controllers to perform proxy authentication.
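
The two userProxy prerequisites above (Trusts and Internal Connectivity) can be checked on the ADAM host before any proxy objects are created. The following is an added example, not part of the ServiceNow documentation. It assumes Windows PowerShell 5.1 on Windows Server 2012 or later; the domain name `corp.example.com`, the function name, and the port list are placeholders to adjust for your environment.

```powershell
# Added example. Assumptions: 'corp.example.com' stands in for the domain that
# holds the AD accounts; the port list is illustrative, not a documented requirement.
function Test-AdamProxyPrereqs {
    param(
        [string]$AccountDomain = 'corp.example.com',
        [int[]]$Ports = @(88, 389)    # Kerberos, LDAP (assumed; adjust as needed)
    )

    # Trusts: the host must be joined to the account domain or to a trusted domain.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        Write-Warning 'Host is in a workgroup; the trust requirement for userProxy objects is not met.'
        return
    }
    if ($cs.Domain -ne $AccountDomain) {
        Write-Warning "Host is joined to $($cs.Domain); confirm with your AD administrator that it trusts $AccountDomain."
    }

    # Check the machine account's secure channel to its own domain.
    if (-not (Test-ComputerSecureChannel)) {
        Write-Warning "Secure channel between this host and $($cs.Domain) is not healthy."
    }

    # Internal connectivity: locate the account domain's DCs through DNS SRV records.
    $dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AccountDomain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.NameTarget } |
        Select-Object -ExpandProperty NameTarget -Unique

    # Report TCP reachability of every DC on every port of interest.
    foreach ($dc in $dcs) {
        foreach ($port in $Ports) {
            $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{
                DomainController = $dc
                Port             = $port
                Reachable        = $r.TcpTestSucceeded
            }
        }
    }
}

Test-AdamProxyPrereqs | Format-Table -AutoSize
```

Any row with `Reachable` set to `False` points to a firewall or routing gap between the ADAM host and that Domain Controller.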