Install AD/AM, the Secure Windows LDAP Service
来源:互联网 发布:小米的网络设置在哪里 编辑:程序博客网 时间:2024/06/09 18:12
by Rob Hawthorne February 11, 2005
Although AD/AM and AD share the same code base (and general purposes) and even are developed by the same MS development team, a couple of major differences allow AD/AM the flexibility to be used in online architectures that just can't be afforded to a full blown NOS.
This article demonstrates the AD/AM installation process. It isn't intended to be a features list or sales pitch for AD/AM, but without an understanding of the reasons to implement it, you wouldn't have much incentive to go any further. So it begins with a brief—and I mean brief—introduction to AD/AM.
Why Use AD/AM?
AD/AM is a LDAP database that is primarily used to store users, groups, and other objects that represent organizations or other associations. It allows you to easily implement security within your applications, without having to write a huge amount of validation or user management code.
AD/AM provides the following capabilities, which separate it from AD:
- Simple backup and recovery – AD/AM uses a single .dit file, which contains all the database information.
- Easy installation and clean uninstall – It doesn't require you to have DNS working nor to install additional components on a server.
- Extended support for X.500 directory naming rather than just DNS directory-style naming.
- Effortless schema extensions without impacting on production Active Directory environments.
- Free download from Microsoft – AD/AM itself does not have a license cost associated with it.
- Can run multiple instances on the same machine (similar in concept to multiple instances of SQL Server 2000).
AD/AM has a number of great features that make it perfect for an online authentication system:
- Password Policies – AD/AM provides the ability to ensure that a user's password meets certain complexity requirements (e.g., number of characters, case, alpha-numeric, etc.). Have you ever tried to write that code? What a pain!
- Encrypted password store – AD/AM uses the same password encryption store as Active Directory, and as such, passwords cannot be reverse-engineered (unless you store them in reversible encryption).
- Ability to use Active Directory authentication for internal users – AD/AM can pass off the authentication to Active Directory, allowing AD to authorize internal users to use the online application.
AD/AM has the ability to scale out in proportions similar to Active Directory. So given all the great things about AD/AM, what are its limitations?
- AD/AM installs only on Windows XP (SP1 or above), Windows Server 2003 Standard, Enterprise, and Data Center Editions, but not on Windows 2000 (any edition) or Windows Server 2003 Web Edition.
- For Windows XP, the AD/AM install is a limited release. You are limited to 10,000 objects within the AD/AM instance.
- AD/AM currently does not have complete integration with Microsoft's Authentication Manager (nick-named AZMan). However, this is reportedly cleaned up in SP1 for Windows 2003 (no promises though!).
- AD/AM has no capabilities for Kerberos. If you wish to use Kerberos, you need to implement Active Directory (and probably not over the Web!).
- Pass-through (or user-proxy) authentication requires domain membership.
Which Version of AD/AM?
AD/AM comes in six different flavors. When you download AD/AM, be sure to select the correct version for your requirements.
AD/AM provides support for both 32- and 64-bit Windows platforms, as well as providing the following specific download versions:
- Retail: This is the most common version for use within a business environment. It is subject to the standard Retail End User Licence Agreement (EULA). Use the ADAMretailIA64.exe and ADAMretailX86.exe files.
- Redistributable: Application developers use this version to package AD/AM with their applications for redistribution to their users. These versions are subject to the Redistribution EULA. Use the ADAMredistIA64.exe and ADAMredistX86.exe files.
- MUI: The Multilingual User Interface (MUI) pack for AD/AM allows for multiple-language support. Before installing the AD/AM MUI pack, the Windows MUI pack and a retail or redistributable version of AD/AM must be installed on the computer. Additionally, Hotfix 828745 must be installed. Use the AdamMUIia64.msi and AdamMUIx86.msi files.
Table 1 shows the file packages that are available for download.
You can review the information about the individual downloads from the Microsoft AD/AM download site.
This article does not demonstrate redistributing an application and uses the ADAMretailX86.exe version. Ensure that you select the correct version for the OS you are running.
- Install AD/AM, the Secure Windows LDAP Service
- Install the Windows Service on PC
- PHP LDAP 访问 Windows AD(Active Directory)
- java windows AD 实现LDAP用户管理
- windows svn install service
- 使svn+apache利用ldap进行windows ad账号认证
- Windows Service Install/Remove Wizard
- windows RabbitMQ service install 失败
- ldap AD属性说明
- LDAP与AD
- LDAP ,AD开发记录
- ldap AD属性说明
- LDAP查询AD信息
- windows下Mysql数据库安装错误解决方案Install/Remove of the Service Denied
- LDAP in the Solaris™ Operating Environment: Deploying Secure Directory Services
- The ABCs of LDAP: How to Install, Run, and Administer LDAP Services
- Failed to install the VirtualCenter Agent Service
- Install/Remove of the Service Denied
- IT人士群聚喝酒的讲究
- ruby连接mysql
- JFIF文件格式
- 颜色模型之间的转换
- JPEG定义的标记
- Install AD/AM, the Secure Windows LDAP Service
- NET Framework 3.0 问答翻译
- ASP.NET2.0 文本编辑器FCKeditor的冰冷之心
- 优秀网站地址
- ExtJS2.0实用简明教程
- ExtJS简介
- 《ExtJS2.0实用简明教程》之获得ExtJS
- [转帖]一个LDAP应用的例子,在Sun ONE Directory Server 5.2
- 《ExtJS2.0实用简明教程》之应用ExtJS