Response to Darrell's question about ADAM and AD


Darrell wrote:



If the organization you are developing for does have a directory service, but you need to modify the schema. In those cases, I have relied on AD for authentication, and then additional attributes linking userIDs to permissions for authorization.

Is there an easy way to keep an ADAM and a real AD synced?


 


The answer is that there is a way, which is not without a price tag, and which can be easy or not-so-easy. Microsoft Identity Integration Server (MIIS) provides a means of keeping AD/AM and AD synchronized. It's dead easy to connect AD to MIIS, connect AD/AM to AD, and then specify how the values of properties of objects in AD are to flow to AD/AM and vice versa (or not vice versa if you want AD to be the master copy). What is also possible, but not quite as easy, is to provision into AD/AM users that exist in AD. To do that, one has to write rule extensions, which can be challenging. I'll cover those in subsequent posts.


Comments (2)

  1. If you are talking about syncing AD with AD/AM there's no real cost - the identity integration feature pack can do it - free download at http://www.microsoft.com/downloads/details.aspx?FamilyID=d9143610-c04d-41c4-b7ea-6f56819769d5&DisplayLang=en

  2. Darrell says:

    Spencer - yes, thanks. I saw that listed as a feature pack. Very useful too, since I don't need all the cross-platform stuff in MIIS.
