Global Open Versity, Vancouver Canada Install Guide Win2k3 ADAM v1.0
© September 2008, Kefa Rabah, Global Open Versity, Vancouver Canada
A GOV Open Knowledge Access License Technical Publication
Global Open Versity Systems Integration Hands-on Labs Training Manual
Install Guide Windows Active Directory Application Mode (ADAM)
For organizations using Win 2k3 AD infrastructure that require flexible support for directory-enabled applications, Microsoft has developed Active Directory Application Mode (ADAM). ADAM is a Lightweight Directory Access Protocol (LDAP) directory service that runs as a user service, rather than as a system service. Active Directory Application Mode represents a breakthrough in directory services technology that provides flexibility and helps organizations avoid increased infrastructure costs.

LDAP is an acronym for Lightweight Directory Access Protocol; it is a simplified version of the X.500 protocol. The directory set up in this training manual will later be used for authentication. Nevertheless, LDAP can be used in numerous ways: authentication, shared directory (for mail clients), address book, etc.

A central component of the Windows platform, Active Directory directory service provides the means to manage the identities and relationships that make up network environments. Windows Server 2003 makes Active Directory simpler to manage, easing migration and deployment. Active Directory has been around since the release of Windows 2000 several years ago, and is now a standard sight in many offices. Its inclusion marked a radical change at the heart of the Windows Server platform, one that people are still adjusting to today.

Proper design, implementation and deployment of enterprise LDAP authentication right from the beginning is crucial. Failure to do so can be very detrimental in terms of security. For example, before LDAP authentication is implemented, the enterprise should first determine which system or application will be authoritative for the identity data, which users will be in the superuser categories, and what privileges will be allocated to them. Not implementing things correctly could in the end mean cleaning up the associated business processes dealing with identity creation, role changes and terminations. Often the authoritative identity source will have many identities in its data stores listed as active that are no longer active. This can create undetected and sometimes hidden security holes in any large enterprise LDAP authentication deployment.

In this Hands-on Systems Integration Training Lab, we're going to undertake a step-by-step installation and configuration of Windows Server 2003 Active Directory Application Mode.

This project was demonstrated entirely using VMware; however, once you perfect the setup you can migrate it to physical servers if you so wish. You may also use Virtual PC instead of VMware for your demo setup.