{"id":356,"date":"2005-05-03T14:09:00","date_gmt":"2005-05-03T14:09:00","guid":{"rendered":"http:\/\/markwilson.me.uk\/blog\/2005\/05\/overview-of-active-directory.htm"},"modified":"2007-07-25T22:17:15","modified_gmt":"2007-07-25T21:17:15","slug":"overview-of-active-directory","status":"publish","type":"post","link":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm","title":{"rendered":"Overview of Active Directory Application Mode"},"content":{"rendered":"<p><!--111512971549646269--><a href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/04\/managing-identity-with-microsoft.htm\">I recently blogged about Microsoft Identity Integration Server<\/a> (MIIS), which is Microsoft&#8217;s platform for connecting directory enabled applications and facilitating identity management.  For organisations that require flexible support for directory enabled applications and for which organisational constraints or schema issues prevent the use of Active Directory (AD), Microsoft has developed <a href=\"http:\/\/www.microsoft.com\/windowsserver2003\/adam\/\">Active Directory application mode<\/a> (ADAM).<\/p>\n<p>ADAM is a <a href=\"http:\/\/www.faqs.org\/rfcs\/rfc2251.html\">lightweight directory access protocol<\/a> (LDAP) directory, providing many of the features of AD, but which can be used to support directory enabled applications that are not considered safe for use with AD.  Although AD was designed to be extendable, possible concerns over safety could include:<\/p>\n<ul>\n<li>Unacceptable schema changes.<\/li>\n<li>Security risks.<\/li>\n<li>Directory management requirements.<\/li>\n<li>Development requirements.<\/li>\n<\/ul>\n<p>ADAM runs as a user service (rather than as a system service) and multiple instances can be run concurrently on a single computer, with an independent configuration for each instance.  Unlike AD, ADAM doesn&#8217;t have any dependencies on the domain name system (DNS) or file replication service (FRS).  
Instances that share the same configuration and schema can be added to a configuration set and will replicate changes to one another; however ADAM cannot replicate with AD &#8211; instead, there is a beta tool called the <a href=\"http:\/\/www.microsoft.com\/downloads\/details.aspx?familyid=88E72E3F-1DD9-4CCC-A9AA-CAC04E0628C7&#038;displaylang=en\">Active Directory to ADAM Synchronizer<\/a> that provides one way synchronisation from AD to ADAM.<\/p>\n<p>On the client side, ADAM supports any client that is written to the LDAP v3 technical specification as well as Active Directory service interfaces (ADSI) for clients from Windows 2000 onwards.<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" alt=\"ADAM overview\" src=\"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/adam.gif?w=700&#038;ssl=1\" \/>To illustrate where ADAM might be useful, here are three example scenarios:<\/p>\n<ol>\n<li>The first scenario is an intranet portal application for users that have been authenticated by AD.  Because ADAM is integrated with the Windows security model, any application that is deployed using ADAM can authenticate access against AD across the enterprise.  Global data is stored in AD, whilst application-specific data is stored in ADAM.  As the application uses AD for authentication it doesn&#8217;t need to maintain its own database of user IDs and passwords (although this is supported if required) and because ADAM is used for the application&#8217;s personalisation data, there is no need to extend the AD schema.  Different departments using the application may have different schema requirements and apply different business logic to directory data.  The answer to this is ADAM&#8217;s support for multiple instances, each with their own schema, without needing to modify the enterprise schema or to manage yet another set of user accounts and passwords.  
These isolated ADAM instances may be deployed and managed locally or centrally.<br \/><img data-recalc-dims=\"1\" decoding=\"async\" class=\"inline\" alt=\"ADAM deployment scenario 1\" src=\"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/adam-scenario1.gif?w=700&#038;ssl=1\" \/><\/li>\n<li>The second scenario is a web portal application that handles extranet access management.  In this case the portal directory is used for authentication purposes only.  ADAM can be used to store application information, while authenticating user objects using LDAP simple binds, allowing ADAM to work in heterogeneous environments and in situations where AD is not present (or is deliberately segregated).<br \/><img data-recalc-dims=\"1\" decoding=\"async\" class=\"inline\" alt=\"ADAM deployment scenario 2\" src=\"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/adam-scenario2.gif?w=700&#038;ssl=1\" \/><\/li>\n<li>The final scenario considers an organisation in the process of migrating to AD but which still has applications that rely on an X.500 naming convention or directory.  ADAM can serve as an interim solution to support the legacy applications through the migration process whilst using AD for user authentication and a shared security infrastructure.  Optionally, MIIS can be used to transform identity information between AD, ADAM and any other identity stores in use.  By using a single directory technology for both the network operating system and application directory needs, overall infrastructure costs are reduced as additional investments are not required for training, administration, or management of the application directory. 
The LDAP, ADSI, and directory services markup language (DSML) application programming interfaces are also equivalent between the two directory services, so that applications may be built on ADAM and then migrated to AD as needed, with minimal change.<br \/><img data-recalc-dims=\"1\" decoding=\"async\" class=\"inline\" alt=\"ADAM deployment scenario 3\" src=\"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/adam-scenario3.gif?w=700&#038;ssl=1\" \/><\/li>\n<\/ol>\n<p>By using ADAM to isolate application-specific information from AD and for simple authentication for extranet applications, organisations are able to develop, deploy and manage directory-enabled solutions without the need to create separate user databases or change the schema of AD to support each application.  Because the ADAM directory can easily be installed, reinstalled, or removed, it may be considered for deployment with an application.<\/p>\n<p>Similar to the partition structure in AD, ADAM consists of a number of naming contexts (NCs), which are:<\/p>\n<ul>\n<li>Configuration NC &#8211; CN=Configuration,CN={GUID}<\/li>\n<li>Schema NC &#8211; CN=Schema,CN=Configuration,CN={GUID}<\/li>\n<li>One or more application directory partitions (ADPs), e.g. cn=partition1,dc=markwilson,dc=co,dc=uk.<\/li>\n<\/ul>\n<p>The configuration and schema NCs are provided by default and are automatically configured, with the application directory partitions specified by the administrator.  Note that they are defined by an instance GUID, and not using DNS names.  
Because it is an LDAP directory, ADAM can also support X.500 names for integration with legacy applications (LDAP was designed as a lightweight version of the X.500 directory access protocol).<\/p>\n<p>ADAM can be installed on computers running any version of Windows XP or Windows Server 2003 (32- or 64-bit) and does not require a forest, domain, or domain controller, so it can be installed on computers that are configured as domain controllers, domain members or workgroup members.<\/p>\n<p>During installation the only options required are:<\/p>\n<ul>\n<li>Acceptance of the license agreement.<\/li>\n<li>Whether or not to install the ADAM administration tools.<\/li>\n<li>Whether to install a unique instance, or a replica of an existing instance.<\/li>\n<li>Instance name (a service will be created named ADAM_<em>instancename<\/em>).<\/li>\n<li>LDAP and SSL port numbers (389 and 636 by default, but these should be changed to high-numbered ports if AD is or will be installed on the same computer).<\/li>\n<li>Whether or not to install an ADP (and if so, the ADP name) &#8211; some applications will create their own ADP on installation.<\/li>\n<li>Data and data recovery file locations (by default, %Program Files%\\Microsoft ADAM\\<em>instancename<\/em>\\data).<\/li>\n<li>Service account information (network or a specified account).<\/li>\n<li>ADAM administrator details.<\/li>\n<li>Any <a href=\"http:\/\/www.faqs.org\/rfcs\/rfc2849.html\">lightweight directory interchange format<\/a> (LDIF) files to extend the application partition schema &#8211; these can also be imported at a later time, using the LDIF directory exchange utility (ldifde.exe).<\/li>\n<\/ul>\n<p>Once installed, ADAM has a limited toolset, with ADAM ADSI Edit, ADAM Help and the ADAM Tools Command Prompt.  
Many of the command prompt tools have the same names as their AD counterparts, so it is important to use the correct command prompt.<\/p>\n<p>ADAM security is based on the AD model, with the majority of default permissions set on the NC head for a number of default groups, held in the roles container for each partition.  For an application directory partition, the default groups are Administrators, Readers and Users.  There is no user interface for setting security; instead, the ADAM version of the <code>dsacls.exe<\/code> support tool is used, although the <code>ldp.exe<\/code> support tool is useful for viewing security descriptors.  An LDAP simple bind is used for ADAM security principals, whilst for Windows security principals, a simple authentication and security layer (SASL) bind is used (either Kerberos or NTLM) and there is also provision for binding to ADAM and redirecting to AD via an ADAM proxy object.  Anonymous access is also available, controlled using the dSHeuristics flag (in the configuration directory partition &#8211; CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,CN={GUID} &#8211; on which various bits are set to indicate various directory operations, detailed in the product documentation).<\/p>\n<p>Although ADAM cannot replicate objects to and from AD (for that, either <a href=\"http:\/\/www.microsoft.com\/windowsserversystem\/miis2003\/\">MIIS<\/a> or the <a href=\"http:\/\/www.microsoft.com\/downloads\/details.aspx?FamilyID=d9143610-c04d-41c4-b7ea-6f56819769d5&#038;displaylang=en\">Identity Integration Feature Pack for Active Directory<\/a> is required), the AD to ADAM Synchronizer allows application administrators and developers to use an XML configuration file and a scriptable command line interface to specify a filtered and scoped subset of data to be pulled from AD to ADAM. <\/p>\n<p>No data is written back to AD and the objects and values in ADAM are not transformed in any way. 
Object or attribute based evaluation rules cannot be implemented and values from the source (AD) are authoritative. While the application may extend the data stored in ADAM, any shared data will be overwritten on subsequent runs, with data values from AD. <\/p>\n<p>Using the ADAM synchronizer involves:<\/p>\n<ul>\n<li>Extending the ADAM schema to support the ADAM synchronizer along with the attributes and objects that are to be imported.<\/li>\n<li>Setting the appropriate fields in the ADAM synchronizer&#8217;s conf_public.xml file and loading the file.<\/li>\n<li>Running the synchronisation.<\/li>\n<\/ul>\n<p>ADAM looks to be a useful addition to the Microsoft directory services toolset.  I only wish that some of the Microsoft applications used it so I could avoid extending the AD schema for them (e.g. Exchange, ISA Server and SharePoint Portal Server).<\/p>\n<h3>Credits<\/h3>\n<p>Although I have provided additional information from my own research, the inspiration for this blog post was a seminar hosted by Microsoft, during which John Craddock and Sally Storey from <a href=\"http:\/\/www.kimberry.co.uk\/\">Kimberry Associates<\/a> presented on stretching directory boundaries: cross platform identity management, authentication and security.  The ADAM deployment scenarios above were taken from <a href=\"http:\/\/www.microsoft.com\/downloads\/details.aspx?familyid=b7e505c0-d4b9-46fb-ae71-e3b48e7938c0&amp;displaylang=en\">Microsoft&#8217;s ADAM overview presentation<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I recently blogged about Microsoft Identity Integration Server (MIIS), which is Microsoft&#8217;s platform for connecting directory enabled applications and facilitating identity management. For organisations that require flexible support for directory enabled applications and for which organisational constraints or schema issues prevent the use of Active Directory (AD), Microsoft has developed Active Directory application mode (ADAM). 
&hellip; <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Overview of Active Directory Application Mode<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[],"tags":[102],"class_list":["post-356","post","type-post","status-publish","format-standard","hentry","tag-active-directory"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Overview of Active Directory Application Mode - markwilson.it<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Overview of Active Directory Application Mode - markwilson.it\" \/>\n<meta property=\"og:description\" content=\"I recently blogged about Microsoft Identity Integration Server (MIIS), which is Microsoft&#8217;s platform for connecting directory enabled applications and facilitating identity management. For organisations that require flexible support for directory enabled applications and for which organisational constraints or schema issues prevent the use of Active Directory (AD), Microsoft has developed Active Directory application mode (ADAM). 
&hellip; Continue reading Overview of Active Directory Application Mode\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm\" \/>\n<meta property=\"og:site_name\" content=\"markwilson.it\" \/>\n<meta property=\"article:published_time\" content=\"2005-05-03T14:09:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2007-07-25T21:17:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.markwilson.co.uk\/blog\/images\/adam.gif\" \/>\n<meta name=\"author\" content=\"Mark Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:site\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm\"},\"author\":{\"name\":\"Mark Wilson\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"headline\":\"Overview of Active Directory Application 
Mode\",\"datePublished\":\"2005-05-03T14:09:00+00:00\",\"dateModified\":\"2007-07-25T21:17:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm\"},\"wordCount\":1487,\"commentCount\":4,\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"image\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/adam.gif\",\"keywords\":[\"Microsoft Active Directory\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm\",\"name\":\"Overview of Active Directory Application Mode - 
markwilson.it\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/adam.gif\",\"datePublished\":\"2005-05-03T14:09:00+00:00\",\"dateModified\":\"2007-07-25T21:17:15+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm#primaryimage\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/adam.gif\",\"contentUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/adam.gif\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/05\\\/overview-of-active-directory.htm#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Overview of Active Directory Application Mode\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/\",\"name\":\"markwilson.it\",\"description\":\"get-info -class technology | write-output &gt; 
\\\/dev\\\/web\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\",\"name\":\"Mark Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"width\":800,\"height\":800,\"caption\":\"Mark Wilson\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\"},\"description\":\"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. 
Mark is also well-known on social media and maintains an award-winning blog.\",\"sameAs\":[\"http:\\\/\\\/www.markwilson.co.uk\\\/\",\"https:\\\/\\\/www.instagram.com\\\/markwilsonuk\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/markawilson\\\/\",\"https:\\\/\\\/x.com\\\/markwilsonit\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCWHlZCoHRTocdvtrOJ2IL4A\"],\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/author\\\/mark-wilson\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Overview of Active Directory Application Mode - markwilson.it","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm","og_locale":"en_GB","og_type":"article","og_title":"Overview of Active Directory Application Mode - markwilson.it","og_description":"I recently blogged about Microsoft Identity Integration Server (MIIS), which is Microsoft&#8217;s platform for connecting directory enabled applications and facilitating identity management. For organisations that require flexible support for directory enabled applications and for which organisational constraints or schema issues prevent the use of Active Directory (AD), Microsoft has developed Active Directory application mode (ADAM). 
&hellip; Continue reading Overview of Active Directory Application Mode","og_url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm","og_site_name":"markwilson.it","article_published_time":"2005-05-03T14:09:00+00:00","article_modified_time":"2007-07-25T21:17:15+00:00","og_image":[{"url":"https:\/\/www.markwilson.co.uk\/blog\/images\/adam.gif","type":"","width":"","height":""}],"author":"Mark Wilson","twitter_card":"summary_large_image","twitter_creator":"@markwilsonit","twitter_site":"@markwilsonit","twitter_misc":{"Written by":"Mark Wilson","Estimated reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm#article","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm"},"author":{"name":"Mark Wilson","@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"headline":"Overview of Active Directory Application Mode","datePublished":"2005-05-03T14:09:00+00:00","dateModified":"2007-07-25T21:17:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm"},"wordCount":1487,"commentCount":4,"publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"image":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm#primaryimage"},"thumbnailUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/adam.gif","keywords":["Microsoft Active 
Directory"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm","url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm","name":"Overview of Active Directory Application Mode - markwilson.it","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm#primaryimage"},"image":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm#primaryimage"},"thumbnailUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/adam.gif","datePublished":"2005-05-03T14:09:00+00:00","dateModified":"2007-07-25T21:17:15+00:00","breadcrumb":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm#primaryimage","url":"https:\/\/www.markwilson.co.uk\/blog\/images\/adam.gif","contentUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/adam.gif"},{"@type":"BreadcrumbList","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/05\/overview-of-active-directory.htm#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.markwilson.co.uk\/blog"},{"@type":"ListItem","position":2,"name":"Overview of Active Directory Application Mode"}]},{"@type":"WebSite","@id":"https:\/\/www.markwilson.co.uk\/blog\/#website","url":"https:\/\/www.markwilson.co.uk\/blog\/","name":"markwilson.it","description":"get-info -class 
technology | write-output &gt; \/dev\/web","publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.markwilson.co.uk\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468","name":"Mark Wilson","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","url":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","width":800,"height":800,"caption":"Mark Wilson"},"logo":{"@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1"},"description":"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. 
Mark is also well-known on social media and maintains an award-winning blog.","sameAs":["http:\/\/www.markwilson.co.uk\/","https:\/\/www.instagram.com\/markwilsonuk\/","https:\/\/www.linkedin.com\/in\/markawilson\/","https:\/\/x.com\/markwilsonit","https:\/\/www.youtube.com\/channel\/UCWHlZCoHRTocdvtrOJ2IL4A"],"url":"https:\/\/www.markwilson.co.uk\/blog\/author\/mark-wilson"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":471,"url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/04\/managing-identity-with-microsoft.htm","url_meta":{"origin":356,"position":0},"title":"Managing identity with Microsoft Identity Integration Server","author":"Mark Wilson","date":"Monday 18 April 2005","format":false,"excerpt":"I last saw the Microsoft Identity Integration Server (MIIS) product in my days at ICL, when it existed as a product called Zoomit Via. Since then, Microsoft has bought the rights to the metadirectory services technology and rewritten the product in various forms with MIIS 2003 being the latest incarnation,\u2026","rel":"","context":"In \"Microsoft Identity Integration Server\"","block_context":{"text":"Microsoft Identity Integration Server","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/miis"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1206,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-3-organizational-units.htm","url_meta":{"origin":356,"position":1},"title":"Active Directory design considerations: part 3 (organizational units)","author":"Mark Wilson","date":"Wednesday 17 September 2008","format":false,"excerpt":"In the previous post in this series of posts about design considerations for Microsoft Active Directory (AD), based around the MCS Talks: Enterprise Architecture series of webcasts, I looked at forest and domain design. This post continues with a look at organizational unit (OU) structure. 
The OU structure is not\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":827,"url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/07\/a-look-forward-to-windows-server-2008.htm","url_meta":{"origin":356,"position":2},"title":"A look forward to Windows Server 2008","author":"Mark Wilson","date":"Thursday 5 July 2007","format":false,"excerpt":"This evening, I'm planning to be at the inaugural Windows Server UK user group meeting, prompting me to write up my notes from the Windows Server 2008 Technical Overview event held at Microsoft UK last month. Presented by Andy Malone from Quality Training, I've already given my (negative, but hopefully\u2026","rel":"","context":"In \"Microsoft Windows Server 2008\"","block_context":{"text":"Microsoft Windows Server 2008","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/windows-server-2008"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":237,"url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/09\/10000-feet-view-of-microsoft-active.htm","url_meta":{"origin":356,"position":3},"title":"10,000 feet view of Microsoft Active Directory","author":"Mark Wilson","date":"Wednesday 14 September 2005","format":false,"excerpt":"Non-technical colleagues, and friends who work with Microsoft products but outside of a corporate environment often ask me \"what is Active Directory\" (AD). As I've blogged a few 10,000 feet views of Microsoft technologies, I thought I'd produce one for AD. 
At the Microsoft Technical Roadshow event last May, Paul\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"http:\/\/www.assoc-amazon.co.uk\/e\/ir?t=marsweblo-21&l=as2&o=2&a=0954421809","width":350,"height":200},"classes":[]},{"id":566,"url":"https:\/\/www.markwilson.co.uk\/blog\/2004\/04\/migrating-from-exchange-server-55-to.htm","url_meta":{"origin":356,"position":4},"title":"Migrating from Exchange Server 5.5 to Exchange Server 2003","author":"Mark Wilson","date":"Wednesday 7 April 2004","format":false,"excerpt":"With Microsoft Exchange Server 2003, Microsoft have made Exchange installation simpler - the Exchange Server deployment tools and documentation (ExDeploy) lead an administrator through the entire Exchange Server installation or upgrade process and it is recommended that Exchange Server 2003 Setup is run using ExDeploy. Specific tools and utilities can\u2026","rel":"","context":"In \"Microsoft Exchange\"","block_context":{"text":"Microsoft Exchange","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/exchange"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1204,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/09\/active-directory-design-considerations-part-2-forest-and-domain-design.htm","url_meta":{"origin":356,"position":5},"title":"Active Directory design considerations: part 2 (forest and domain design)","author":"Mark Wilson","date":"Tuesday 16 September 2008","format":false,"excerpt":"Having set the scene for this series of posts, the first area to examine is Active Directory forest and domain design. 
Bearing in mind the key principle that requirements should dictate design, and that the solution should be as simple as possible, whenever possible, AD designers should look to consolidate\u2026","rel":"","context":"In \"Microsoft Active Directory\"","block_context":{"text":"Microsoft Active Directory","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/active-directory"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=356"}],"version-history":[{"count":0,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/356\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}