ADAM, Active Directory, LDAP, ADFS, Identity

active-directoryadamadfsldapwindows-identity

What is the difference/relation between ADAM, Active Directory, LDAP, ADFS, Windows Identity, cardspace and which server (Windows 2003, Windows 2008) uses what?

Best Answer

Active Directory is a server component for administrating windows domains and storing related informations like details about users. It provides implementations of the network protocols LDAP, DNS, CIFS and Kerberos. It's part of Windows Server 2003 as well as Windows Server 2008 with some modifications in the latter case.

ADAM was somewhat like the little brother of Active Directory. It only contained an implementation of LDAP. With Windows Server 2008 it was renamed to LDS, Lightweight Directory Services. ADAM/LDS can also be installed on non-server versions of Windows.

LDAP is a protocol for administrating the data of a directory service. Data within a directory services are stored in a hierarchical manner, a tree. Entries within that tree can contain a set of attributes where each has a name and a value. They are mostly used for storing user related informations like usernames, passwords, email addresses and so on, as there are standardized schemas for this purpose and it's widely supported by applications.

ADFS is a technology which enables Single Sign-On for users of web applications within an Identity Federation. In a very short form: Imagine two organizations which have their user data stored within an active directory. Now each organization wants to give the users of the other organization access to its web applications, but with the restriction that the user data itself should neither be copied nor be fully accessible to the other organization. Thats the kind of problem ADFS can solve. May require an hour of reading & researching before fully understood.

Related Solutions

How to configure Microsoft ADAM to be similar to Active Directory

ADAM isn't really a complete replacement for Active Directory. For example, ADAM doesn't understand different group types, and doesn't include a RootDSE by default. You could test against ADAM but you may run into slight differences in your query structures.

If you are developing an application that will depend on Active Directory then you really should be building your application against an Active Directory. I have been able to get several Domain Controllers running just fine in Virtual PC (free) using only 300mb of memory and a free evaluation version of Windows Server.

If, however, you are building an application that simply needs an LDAP directory and isn't going to be using Active Directory than ADAM may work out just fine. The schema extension file you mentioned (MS-AdamSchemaW2K3.LDF) would work just fine but you would want to setup RootDSE for easier binds.

Lastly, Microsoft AD/AM isn't really Admin friendly, especially in terms of troubleshooting. I ended up writing an application to help troubleshoot AD/AM issues that you may find useful.

C# – Validate a username and password against Active Directory

If you work on .NET 3.5 or newer, you can use the System.DirectoryServices.AccountManagement namespace and easily verify your credentials:

// create a "principal context" - e.g. your domain (could be machine, too)
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOURDOMAIN"))
{
    // validate the credentials
    bool isValid = pc.ValidateCredentials("myuser", "mypassword");
}

It's simple, it's reliable, it's 100% C# managed code on your end - what more can you ask for? :-)

Read all about it here:

Update:

As outlined in this other SO question (and its answers), there is an issue with this call possibly returning True for old passwords of a user. Just be aware of this behavior and don't be too surprised if this happens :-) (thanks to @MikeGledhill for pointing this out!)

Best Answer

Related Solutions

How to configure Microsoft ADAM to be similar to Active Directory

C# – Validate a username and password against Active Directory

Related Topic