Creation of Adam
Active Directory in Application Mode (ADAM)

This is an enhancement that I truly believe was necessary. I used to be a Microsoft Certified Trainer before I started consulting full time for a company, and I remember teaching the Designing Directory Services class that Microsoft had released. One of the really neat features that I saw pertaining to AD (Active Directory) was the ability to extend the Schema. If you aren’t familiar with the Schema of Active Directory, it’s the bottom partition of the database that contains all of the potential objects that you can create and all of their subsequent attributes.

Windows 2000 gave you the opportunity to extend the schema with more attributes, to further tailor AD to the needs of the organization that had purchased the system. For example, if your company needed to add a Social Security, Sex or Race field to AD for the HR department, that was possible. The only problem was that any modifications to the schema were replicated to all other Domain Controllers in the forest. Modifications could also only be made by members of the Schema Admins security group.

In my opinion, this was a recipe for inconvenience and a disaster waiting to happen. Developers would need to work around the wants and desires of the Admins, because they had the ability to damage a potentially critical portion of the Network Operating System. It was definitely not a good idea to test beta apps that modified the schema on production servers, since schema modifications cannot be deleted, only deactivated.

Microsoft answered the cries of developers and administrators alike. ADAM is born. ADAM is an amazing idea: simple, but amazing. ADAM runs as a service on Windows XP and on 2003 Server Standard, Enterprise and Datacenter editions. ADAM is a service that creates an instance of Active Directory that runs side by side with the production service.
It can access all information from the production service, including authentication information, without modifying the Schema itself. Speaking of authentication, ADAM running on Windows 2003 Server or XP Pro can use the security subsystems of Windows 2003 AD, Windows 2000 AD and, get this, NT 4.0!!! How’s that for backward compatibility?

Note: The 2003 Server has to be a member server or stand-alone server in whatever NOS environment you choose, for obvious reasons.

Multiple instances of the ADAM service can be run on any one of these machines, so you could have one for the Accounting department and another for the HR department, each containing information specific to its department and not interfering with the other or with the corporate AD, while simultaneously being able to access employee information like names, phone numbers, managers, etc.

Think of the possibilities! Now corporate developers or ISVs can develop applications that leverage the employee information and authentication information stored in their client’s Active Directory system without interfering with the entire network, because schedules for replication between ADAM instances on different servers can be set to times that are convenient for the users of the system, not just the administrators of the network.

Instances of ADAM can be deployed easily using Windows scripting. Also, all servers in an ADAM group have writable copies of the databases, just like the real AD. The attributes within the ADAM database are secured using an ACL, just like the file system.

ADAM can be downloaded here:
http://www.microsoft.com/windowsserver2003/adam/default.mspx