Response to Darrell's question about ADAM and AD

Darrell wrote:

If the organization you are developing for does have a directory service, but you need to modify the schema. In those cases, I have relied on AD for authentication, and then additional attributes linking userIDs to permissions for authorization.

Is there an easy way to keep an ADAM and a real AD synced?


The answer is that there is a way, though it is not without a price tag, and it can be easy or not-so-easy depending on what you need. Microsoft Identity Integration Server (MIIS) provides a means of keeping AD/AM and AD synchronized. It is dead easy to connect AD to MIIS, connect AD/AM to MIIS, and then specify how the values of object attributes in AD flow to AD/AM and vice versa (or not vice versa, if you want AD to remain the master copy). What is also possible, but not quite as easy, is provisioning into AD/AM the users that exist in AD. To do that, one has to write rule extensions, which can be challenging. I'll cover those in subsequent posts.
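As an added illustration of the provisioning step (this is not code from the post, and the later posts it promises are not reproduced here), the following is a sketch of an MIIS metaverse rule extension in C# that creates an AD/AM user for each metaverse person joined from AD. The management agent names ("AD MA", "ADAM MA"), the target container DN and the attribute names are assumptions for this example; the attribute flow itself is configured in Identity Manager, not in code.

```csharp
using System;
using Microsoft.MetadirectoryServices;

// Hypothetical MIIS metaverse rule extension. The MA names, container DN and
// attribute names below are assumed for this example, not taken from the post.
public class MVExtensionObject : IMVSynchronization
{
    private const string AdMaName = "AD MA";            // assumed MA name for AD
    private const string AdamMaName = "ADAM MA";        // assumed MA name for AD/AM
    private const string AdamUserContainer = "OU=Users,O=App,C=US"; // assumed target container

    public void Initialize() { }
    public void Terminate() { }

    public void Provision(MVEntry mventry)
    {
        // Only provision "person" objects that carry the attributes AD/AM needs,
        // so a half-populated AD record never yields an unusable AD/AM account.
        if (mventry.ObjectType != "person") return;
        if (!mventry["accountName"].IsPresent || !mventry["displayName"].IsPresent) return;

        // AD is the authoritative source: never create an AD/AM account for a
        // metaverse entry that has lost its AD connector (e.g. deleted in AD).
        if (mventry.ConnectedMAs[AdMaName].Connectors.Count == 0) return;

        ConnectedMA adamMa = mventry.ConnectedMAs[AdamMaName];
        // Already connected to AD/AM: updates are handled by attribute flow rules.
        if (adamMa.Connectors.Count > 0) return;

        CSEntry csentry = adamMa.Connectors.StartNewConnector("user");
        // Escape the RDN so an accountName containing commas or other DN
        // special characters cannot alter where the object lands.
        csentry.DN = adamMa.EscapeDNComponent("CN=" + mventry["accountName"].Value)
                           .Concat(AdamUserContainer);
        csentry["displayName"].Value = mventry["displayName"].Value;
        csentry.CommitNewConnector();
    }

    public bool ShouldDeleteFromMV(CSEntry csentry, MVEntry mventry)
    {
        // Deleting the AD connector deprovisions the metaverse entry (and, via
        // the AD/AM MA's deprovisioning rule, the AD/AM account); losing the
        // AD/AM connector alone does not, because AD is the master copy.
        return csentry.MA.Name == AdMaName;
    }
}
```

The extension is compiled against Microsoft.MetadirectoryServices.dll and registered as the metaverse rules extension in Identity Manager; the "ShouldDeleteFromMV" rule only takes effect if the AD/AM MA's deprovisioning option is set to delete or disconnect the connector.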