Updated: August 22, 2005
Applies To: Windows Server 2003 R2
For organizations that require flexible support for directory-enabled applications, Microsoft has developed Active Directory Application Mode (ADAM). ADAM is a Lightweight Directory Access Protocol (LDAP) directory service. You can run ADAM on servers running Microsoft Windows Server 2003 and also on clients running Microsoft Windows XP Professional.
Note: To run ADAM on clients running Windows XP Professional, you must install the latest service packs and hotfixes.
ADAM provides data storage and retrieval for directory-enabled applications, without the dependencies that are required for the Active Directory® directory service. ADAM provides much of the same functionality as Active Directory, but it does not require the deployment of domains or domain controllers. You can run multiple instances of ADAM concurrently on a single computer, with an independently managed schema for each ADAM instance.
What's new in ADAM
The following features are new to ADAM in Windows Server 2003 R2:
Users can be created in the configuration partition so that ADAM users can be ADAM administrators. For more information, see Allow ADAM users to be created in the configuration partition.
Active Directory to ADAM Synchronizer tool. This tool synchronizes objects from Active Directory to an ADAM instance. For more information, see Synchronize Data from Active Directory to an ADAM Instance and Adaminstall.
ADAM users can bind to an ADAM instance by using digest authentication. With this method a server application binds using its default credentials, which eliminates the need to keep a plaintext copy of the application's password in memory. Digest bind is supported in Ldp.
Active Directory Schema Analyzer tool. This tool helps to migrate the Active Directory schema to ADAM. For more information, see ADSchemaAnalyzer.
Newer version of the Ldp tool with an access control list (ACL) editor. For more information, see Ldp.
ADAM can now chain user password requests to the corresponding user object in Active Directory, so that a password change is applied in both directory services. When a user in ADAM who is also a user in Active Directory attempts to change the user password in ADAM, that change is treated the same as a user password change in Active Directory. Both the old and new password must be provided (except for Active Directory administrators, who only need to supply the new password), and the new password must meet any password policies that are set in Active Directory. Active Directory performs all policy checking.
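The digest bind described above is an LDAP SASL DIGEST-MD5 exchange (RFC 2831). The following Python is an added illustration, not code from ADAM or Ldp: it computes the client's digest response and the server-side check, showing why the password itself never crosses the wire. The realm, nonce, digest-uri and credentials are constructed values.

```python
# Added example (not from the ADAM documentation): the RFC 2831 DIGEST-MD5
# computation behind an LDAP SASL digest bind. All names and values are constructed.
import hashlib
import secrets


def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def password_hash(username: str, realm: str, password: str) -> bytes:
    """H(username:realm:password): the only secret the server must hold."""
    return _md5(f"{username}:{realm}:{password}".encode("utf-8"))


def digest_response(h_urp: bytes, nonce: str, cnonce: str, nc: str,
                    qop: str, digest_uri: str, rspauth: bool = False) -> str:
    """response-value (client) or response-auth (server, rspauth=True)."""
    # A1 = H(user:realm:pass) ":" nonce ":" cnonce  -- the inner hash is raw bytes
    ha1 = hashlib.md5(h_urp + f":{nonce}:{cnonce}".encode()).hexdigest()
    a2 = ("" if rspauth else "AUTHENTICATE") + ":" + digest_uri
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    ha2 = hashlib.md5(a2.encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hexdigest()


def client_bind(username, realm, password, nonce, digest_uri, cnonce=None) -> dict:
    """Build the client's digest-response message; the password never leaves the client."""
    cnonce = cnonce or secrets.token_hex(16)
    nc, qop = "00000001", "auth"
    resp = digest_response(password_hash(username, realm, password),
                           nonce, cnonce, nc, qop, digest_uri)
    return {"username": username, "realm": realm, "nonce": nonce, "cnonce": cnonce,
            "nc": nc, "qop": qop, "digest-uri": digest_uri, "response": resp}


def server_verify(msg: dict, stored_h_urp: bytes, issued_nonce: str) -> bool:
    """Validate the client's response against the stored H(user:realm:pass)."""
    if not secrets.compare_digest(msg["nonce"], issued_nonce):
        return False  # nonce does not match the challenge we issued (replay/forgery)
    expected = digest_response(stored_h_urp, msg["nonce"], msg["cnonce"],
                               msg["nc"], msg["qop"], msg["digest-uri"])
    return secrets.compare_digest(expected, msg["response"])
```

The server never sees the password, but it must store H(username:realm:password), which is a password-equivalent secret and deserves the same protection as the password itself.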
Microsoft directory technologies
With the introduction of Active Directory Application Mode, Microsoft provides a choice of directory services. Both ADAM and Active Directory build on the same core Microsoft directory service technologies, but they address different needs within an organization.
Active Directory. Active Directory provides directory services for both the Windows network operating system (NOS) and for directory-enabled applications. For the NOS, Active Directory stores critical information about the network infrastructure, users and groups, network services, and so on. In this role, Active Directory must adhere to a single schema throughout an entire forest.
ADAM. ADAM provides directory services specifically for directory-enabled applications. ADAM does not require or rely on Active Directory domains or forests. However, in environments where Active Directory exists, ADAM can use Active Directory for the authentication of Windows security principals.
Directory services (such as ADAM and Active Directory) and relational databases both provide data storage and retrieval, but they are optimized for different workloads. Directory services are optimized for read processing, while relational databases are optimized for transaction processing. In general, consider implementing a directory service if your application reads data more frequently than it writes data. Consider implementing a relational database if your application writes or modifies data more frequently than it reads data, as transactional applications do.
ADAM and Active Directory can run concurrently in the same network. In addition, ADAM can support both domain and workgroup users simultaneously, as shown in the figure below. For a comparison between ADAM and Active Directory, see Comparing ADAM to Active Directory.
A directory-enabled application uses a directory, rather than a database, flat file, or other data storage structure, to hold its data. Many off-the-shelf applications, as well as many custom applications, use a directory-enabled design. Examples of types of applications that often use a directory-enabled design include Customer Relationship Management (CRM) applications, Human Resource (HR) applications, and global address book applications.
For information about developing directory-enabled applications for ADAM, see the ADAM Software Developer's Kit (SDK) and ADAM resources.