Craig McMurtry's WebLog

Response to Darrell's question about ADAM and AD

Darrell wrote:

If the organization you are developing for does have a directory service, but you need to modify the schema. In those cases, I have relied on AD for authentication, and then additional attributes linking userIDs to permissions for authorization.

Is there an easy way to keep an ADAM and a real AD synced?

 

The answer is that there is a way, which is not without a price tag, and which can be easy or not-so-easy. Microsoft Identity Integration Server (MIIS) provides a means of keeping AD/AM and AD synchronized. It's dead easy to connect AD to MIIS, connect AD/AM to AD, and then specify how the values of properties of objects in AD are to flow to AD/AM and vice-versa (or not vice-versa if you want AD to be the master copy). What is also possible, but not quite as easy, is to provision into AD/AM users that exist in AD. To do that, one has to write rule extensions, which can be challenging. I'll cover those in subsequent posts.

Published Thursday, March 04, 2004 10:22 AM by CraigMcMurtry

Comments

 

Spencer Harbar said:

If you are talking about syncing AD with AD/AM there's no real cost - the identity integration feature pack can do it - free download at http://www.microsoft.com/downloads/details.aspx?FamilyID=d9143610-c04d-41c4-b7ea-6f56819769d5&DisplayLang=en
March 5, 2004 6:28 PM
 

Darrell said:

Spencer - yes, thanks. I saw that listed as a feature pack. Very useful too, since I don't need all the cross-platform stuff in MIIS.
March 12, 2004 2:31 PM