Many of you will no doubt be aware that Microsoft released Active Directory Application Mode, otherwise known as ADAM, along with the release of Windows Server 2003 R2. ADAM is essentially an LDAP directory service specifically designed for directory enabled applications. It can be used when you want to provide an LDAP directory service for an application, where you don’t want to use Active Directory. There can be many reasons for this, the AD schema may not be suitable and you want to customise the schema to meet the applications specific needs or you simply may want to separate the application data from your production AD.
One of the great things about ADAM is its flexibility. It does not need Active Directory as an installation requirement, so it can be installed on a standalone server running Windows 2003 or on a workstation running XP. This flexibility means that you can implement an ADAM instance quickly and easily and use it for any purpose you want where you need an LDAP directory. For example the Exchange 2007 Edge server role, typically deployed in a perimeter network, uses an ADAM instance to hold user object details rather than exposing Active Directory to potential security threats.
ADAM is based on Active Directory and gives you many of the benefits associated with it, such as multi-master replication. It does not have the core NOS functionality of AD, such as Kerberos or DNS, but then it doesn’t need them. You get exactly what you need for creating a powerful LDAP directory solution without the overhead of a full blown Active Directory implementation. I’ve found it to be really handy in a number of situations. For example, developers who are writing an Active Directory aware application can use an ADAM instance on their own workstation for test and development rather than requiring access to a test AD forest. You can also run multiple instances on a single server/workstation if required.
Recently one of my customers asked me if it was possible to create a consolidated view of 2 separate LDAP directories in their organisation. One of these was used for authentication onto a UNIX platform and the other was acting as a repository for all users mail addresses. The quick and easy answer to the question was “Yes, use ADAM to create a central LDAP directory and then use vbscripts with ADSI to populate ADAM with the relevant user details from both directories.” The customer was able to implement this quickly, easily and cheaply using ADAM – I felt this was a perfect example of how the product can be used to meet this sort of requirement.
Installing ADAM and creating an ADAM instance is a straightforward task. The entire process takes about 10 minutes end to end:
For more information on ADAM, including white papers and FAQ’s check out the following link: