Introduction
What is ADAM?
ADAM stands for Active Directory Application Mode. It provides a directory service on Windows Server 2003. It supports the Lightweight Directory Access Protocol (LDAP) for communicating with an ADAM instance. It can also be integrated with Active Directory Federation Services (ADFS) in order to achieve single sign-on functionality. For more information on ADFS, see http://msdn.microsoft.com/msdnmag/issues/06/11/SingleSignOn/default.aspx
Who should use ADAM?
ADAM should be used by those who don't want to set up a domain controller to enable directory services. Instead they can use ADAM. It is easy to install and maintain. Unlike a full Active Directory deployment, you don't require a specialized professional to work with ADAM, which results in lower cost.
Advantages of ADAM
Easy to deploy
Developers and end users can easily deploy Active Directory Application Mode as a lightweight directory service on most Windows Server 2003 platforms and on Windows XP Professional. You can easily install, reinstall, or remove the ADAM application directory, making it the ideal directory service to deploy with an application.
Reduced costs
By using a single directory technology for both your NOS and application directory, you can reduce overall infrastructure costs. Additional investments are not required for training, administration, or management of your application directory. The application programming interfaces (LDAP, Active Directory Service Interfaces (ADSI), and Directory Services Markup Language (DSML)) are also equivalent between the two directory services, so you can build applications on ADAM and then migrate them to the corporate Active Directory as needed, with minimal change.
Increased security
Because Active Directory Application Mode is integrated with the Windows security model, any application that is deployed using ADAM can authenticate access against Active Directory across the enterprise.
Scenario
- Consider a scenario in which a portal application must store personalization data that is associated with users who are authenticated by the NOS directory (Active Directory), but storing this personalization data in the NOS directory would require schema changes to the user class in the NOS directory. In this scenario, the application can use Active Directory for authentication and service publication while using Active Directory Application Mode to store user personalization data.
- Consider another scenario in which the system doesn't use Active Directory to store user information. In such a scenario, Active Directory Application Mode is a perfect fit. Because ADAM can host user objects that are not Windows security principals but that can be authenticated using LDAP simple binds, all the user information, as well as the authorization data for these applications, can be stored in ADAM.
Accessing ADAM using .NET 2.0 (brief overview)
As mentioned earlier, an ADAM instance is communicated with using the Lightweight Directory Access Protocol (LDAP). .NET 2.0 uses the ActiveDirectoryMembershipProvider class to access ADAM. The same class is also used to access Active Directory.
Web.config settings (the connection string and the surrounding membership element were missing from the original fragment; SERVERNAME and PORT are placeholders for the host and LDAP port of your ADAM instance, and the provider name is a placeholder you can change):

<connectionStrings>
  <!-- SERVERNAME/PORT: host and LDAP port of the ADAM instance (placeholders) -->
  <add name="ADAMConnectionString"
       connectionString="LDAP://SERVERNAME:PORT/OU=SSUsers,DC=SS_AT" />
</connectionStrings>
<system.web>
  <membership defaultProvider="ADAMMembershipProvider">
    <providers>
      <add name="ADAMMembershipProvider"
           type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
           connectionStringName="ADAMConnectionString"
           connectionUsername="CN=ADAMAdmin,OU=SSUsers,DC=SS_AT"
           connectionPassword="yourAdminUserPassword"
           connectionProtection="None" enableSearchMethods="true"
           enablePasswordReset="false" requiresQuestionAndAnswer="false"
           minRequiredPasswordLength="6" />
    </providers>
  </membership>
</system.web>
Important
- The server name is the name of the system on which ADAM is installed.
- Please make sure that the connectionUsername user has administrative rights. Otherwise you'll get an error if you try to create a user or change the password.
- With connectionProtection="None" the provider talks to ADAM over an unencrypted LDAP connection, so the connectionPassword and the credentials of the users it validates cross the network in cleartext. Restrict this to a trusted network, or set connectionProtection="Secure" with SSL configured on the ADAM instance.
- The administrative password sits in Web.config in plaintext; encrypt the configuration section with aspnet_regiis -pe so it is not readable by anyone who can open the file.
You can set the password policy for the ADAM users by setting the following properties in the <providers> element of your Web.config file:
- minRequiredPasswordLength
- minRequiredNonalphanumericCharacters
Creating a user in ADAM
To create a new user in ADAM, you can use the following method. The syntax is:
Membership.CreateUser(string username, string pwd)
Accessing the currently logged in user
The GetUser()
method of the Membership
class is used to access the currently logged in User of ADAM. The syntax is:
Membership.GetUser()
This method has many other overloads. If you want to access another user by username, you can use the following overload. The syntax is:
Membership.GetUser(string username)
Changing the password of the ADAM user
To change the password of an ADAM user, you can use the following method on the configured provider (Membership.Providers is a collection and has no ChangePassword method; the call goes through Membership.Provider). The syntax is:
Membership.Provider.ChangePassword(string username,
string oldPwd, string newPwd)
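The three operations above, put together in a small helper class. This is an added example, not code from the original article; it assumes the ADAM-backed membership provider is configured in Web.config as shown earlier, and the class and method names are my own.

```csharp
// Added example (not from the original article): creating a user in ADAM,
// looking it up, and changing its password through the ASP.NET 2.0
// Membership API backed by ActiveDirectoryMembershipProvider.
using System;
using System.Configuration.Provider;
using System.Web.Security;

public static class AdamUserAdmin   // hypothetical helper class name
{
    // Creates a user in ADAM. The 7-argument overload is used instead of
    // CreateUser(username, password) because it returns the status code,
    // so a failure (duplicate user, password policy, ...) can be reported.
    public static MembershipUser CreateAdamUser(string username, string password,
                                                out string failureReason)
    {
        MembershipCreateStatus status;
        // requiresQuestionAndAnswer="false" in Web.config, so question/answer are null.
        MembershipUser user = Membership.CreateUser(username, password,
                                                    null, null, null, true, out status);
        failureReason = status == MembershipCreateStatus.Success ? null : status.ToString();
        return user;
    }

    // Changes the password of an existing ADAM user. Returns false with a
    // reason when the user is missing, the new password breaks the configured
    // policy, the old password is wrong, or the directory reports an error.
    public static bool ChangeAdamPassword(string username, string oldPassword,
                                          string newPassword, out string failureReason)
    {
        failureReason = null;
        MembershipUser user = Membership.GetUser(username);   // username overload
        if (user == null) { failureReason = "user not found"; return false; }
        if (newPassword.Length < Membership.MinRequiredPasswordLength)
        {
            failureReason = "new password shorter than minRequiredPasswordLength";
            return false;
        }
        try
        {
            // Same effect as Membership.Provider.ChangePassword(username, old, new);
            // returns false when the old password does not match.
            bool changed = user.ChangePassword(oldPassword, newPassword);
            if (!changed) failureReason = "old password rejected by ADAM";
            return changed;
        }
        catch (ArgumentException ex) { failureReason = ex.Message; return false; } // policy / bad argument
        catch (ProviderException ex) { failureReason = ex.Message; return false; } // directory error
    }
}
```

Inside a page, Membership.GetUser() with no argument returns the currently logged-in ADAM user, as described above.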
Conclusion
I hope you got a brief overview of ADAM and how it can be accessed using .NET 2.0. In my next article, I'll present the extensive overview of working with ADAM using .NET 2.0 with sample code.