Managing COM+ partition sets in Active Directory

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Managing COM+ partition sets in Active Directory

COM+ partition sets stored in Active Directory can contain one or more COM+ partitions and are used to assign one or more applications, residing on an application server, to domain users or organizational units. For more information about COM+ partitions, see Managing COM+ partitions in Active Directory.

Each COM+ partition set defines the COM+ partitions for which a domain user is permitted to access.

COM+ partition sets provide the following advantages to both administrators and application programmers:

  • Administering distributed applications becomes much easier because you can tailor access of a particular set of domain users to a specific set of applications.

  • Security policies can be applied to domain users and organizational units within each partition set.

Before assigning COM+ partition sets, you must first logically group one or more COM+ partitions into a single COM+ partition set. Once a COM+ partition set has been defined, you can make applications available throughout the domain by mapping COM+ partition sets to domain users or organizational units. To do this, you must perform tasks on both the domain controller where Active Directory resides and on the application server where the COM+ application is installed.

Tasks to perform on a domain controller

You must first create a COM+ partition within Active Directory by using Active Directory Users and Computers or, programmatically, by using Active Directory Service Interfaces (ADSI). For more information, see Create a COM+ partition in Active Directory. Once you have created and configured your COM+ partitions in Active Directory, you can use Component Services on an application server to associate a local COM+ partition with a COM+ partition stored in Active Directory.

After the COM+ partition is created and you have associated it with a local COM+ partition, you need to create a COM+ partition set. When creating a COM+ partition set, you can define the COM+ partitions that comprise that set. Creating a COM+ partition set is done either by using Active Directory Users and Computers or, programmatically, by using Active Directory Service Interfaces (ADSI). For more information, see Create a COM+ partition set in Active Directory.

Finally, you map domain users or organizational units to the newly created COM+ partition set. You can associate multiple users or organizational units with a COM+ partition set at one time instead of having to map multiple user identities or organizational units. For more information, see Map a user or organizational unit to a COM+ partition set.

Tasks to perform on Application servers

Using Component Services you can link a single COM+ application stored locally on an application server to a single COM+ partition stored in Active Directory. You can do this by creating a local COM+ partition on the application server, through Component Services, and changing the local COM+ partition ID to reflect the COM+ partition ID located in Active Directory.

Each COM+ partition in Active Directory has a general description, a unique name, and a unique partition ID. The partition ID is what associates the local COM+ partition to the COM+ partition defined in Active Directory. The COM+ partitions defined in Active Directory are intended to be unique across an enterprise. A local COM+ partition is necessary in order to store the COM+ application on an application server, which may also have multiple versions of a specific application installed.

You can define a local COM+ partition ID on the application server and then later revise the partition ID in Active Directory to match it. Or, you can define a COM+ partition ID in Active Directory and then later revise the partition ID on the application server to match the one in Active Directory.

Note

  • Local COM+ partitions are sometimes referred to as Empty Partitions in the Component Services user interface.