Response to Darrell's question about ADAM and AD
Darrell wrote:
If the organization you are developing for does have a directory service, but you need to modify the schema. In those cases, I have relied on AD for authentication, and then additional attributes linking userIDs to permissions for authorization.
Is there an easy way to keep an ADAM and a real AD synced?
The answer is that there is a way, which is not without a price tag, and which can be easy or not-so-easy. Microsoft Identity Integration Server provides a means of keeping AD/AM and AD synchronized. It's dead easy to connect AD to MIIS, connect AD/AM to AD, and then specify how the values of properties of objects in AD are to flow to AD/AM and vice versa (or not vice versa if you want AD to be the master copy). What is also possible, but not quite as easy, is to provision into AD/AM users that exist in AD. To do that, one has to write rule extensions, which can be challenging. I'll cover those in subsequent posts.
Comments
- Anonymous
March 05, 2004
If you are talking about syncing AD with AD/AM there's no real cost - the identity integration feature pack can do it - free download at http://www.microsoft.com/downloads/details.aspx?FamilyID=d9143610-c04d-41c4-b7ea-6f56819769d5&DisplayLang=en
- Anonymous
March 12, 2004
Spencer - yes, thanks. I saw that listed as a feature pack. Very useful too, since I don't need all the cross-platform stuff in MIIS.