Introduction to Active Directory Application ModeWord格式文档下载.docx
- 文档编号:22378700
- 上传时间:2023-02-03
- 格式:DOCX
- 页数:17
- 大小:60.24KB
Introduction to Active Directory Application ModeWord格式文档下载.docx
《Introduction to Active Directory Application ModeWord格式文档下载.docx》由会员分享,可在线阅读,更多相关《Introduction to Active Directory Application ModeWord格式文档下载.docx(17页珍藏版)》请在冰豆网上搜索。
TheActiveDirectory®
directoryserviceinMicrosoftWindows®
2000isthefastestgrowingdirectoryserviceforintranetsandextranetsasaresultofitsrichintegrationofdirectorysupportandsecurity,scalability,andnativeLightweightDirectoryAccessProtocol(LDAP)support.MicrosoftWindowsServer™
2003buildsonthatsuccessbysupportinganumberofnewLDAPcapabilitiesinActiveDirectorythataretargetedforinformationtechnology(IT)professionalsandapplicationsdevelopers.ActiveDirectoryApplicationMode(ADAM)isoneofthesenewcapabilities.Organizations,independentsoftwarevendors(ISVs),anddeveloperswhowanttointegratetheirapplicationswithadirectoryservicenowhaveanadditionalcapabilityinActiveDirectorythatprovidesnumerousbenefits.ThiswhitepaperintroducesActiveDirectoryApplicationModeanddescribesitsbenefits.
Informationinthisdocument,includingURLandotherInternetWebsitereferences,issubjecttochangewithoutnotice.Unlessotherwisenoted,theexamplecompanies,organizations,products,domainnames,e-mailaddresses,logos,people,placesandeventsdepictedhereinarefictitious,andnoassociationwithanyrealcompany,organization,product,domainname,e-mailaddress,logo,person,placeoreventisintendedorshouldbeinferred.Complyingwithallapplicablecopyrightlawsistheresponsibilityoftheuser.Withoutlimitingtherightsundercopyright,nopartofthisdocumentmaybereproduced,storedinorintroducedintoaretrievalsystem,ortransmittedinanyformorbyanymeans(electronic,mechanical,photocopying,recording,orotherwise),orforanypurpose,withouttheexpresswrittenpermissionofMicrosoftCorporation.
Microsoftmayhavepatents,patentapplications,trademarks,copyrights,orotherintellectualpropertyrightscoveringsubjectmatterinthisdocument.ExceptasexpresslyprovidedinanywrittenlicenseagreementfromMicrosoft,thefurnishingofthisdocumentdoesnotgiveyouanylicensetothesepatents,trademarks,copyrights,orotherintellectualproperty.
©
2003.MicrosoftCorporation.Allrightsreserved.
Microsoft,ActiveDirectory,Windows,Windows
NT,andWindowsServerareeitherregisteredtrademarksortrademarksofMicrosoftCorporationintheUnitedStatesand/orothercountries.
Thenamesofactualcompaniesandproductsmentionedhereinmaybethetrademarksoftheirrespectiveowners.
Contents
Introduction1
SimplicityofApplicationMode3
ADAMUsageScenarios4
Application-SpecificDirectoryScenarios4
TailoredSchema5
LocalManagementintheEnterprise6
OptionalCentralizedManagement6
Windows
NT
4.0Domains6
ApplicationDeveloperScenarios6
SimpleSetup6
LocallyInstalled,LocallyManaged7
ExtranetAccessManagementScenarios7
MigrationScenarios7
Benefits9
RichandExtensibleStore9
Replication9
SetupandRemoval9
MultipleInstanceSupport10
BackupandRestore10
ToolSupport10
Security10
PlatformSupport11
Summary12
RelatedLinks13
Introduction
OriginallyinspiredbytheemergenceofLDAP-basedsolutionsinthemid-1990s,organizationshavehadsuccessindeployingdirectory-enabledbusinesssolutionsforkeyproblemssuchasnetworkoperatingsystem(NOS)usersupport,publickeyinfrastructure(PKI)deployment,whitepagesoryellowpagesaccess,extranetorWebsinglesignon(SSO)capabilities,andline-of-businessapplications.
Theresultofthissuccessisthat,inmostorganizationstoday,itiscommontofindonedirectoryservicethatisusedtohandleNOSauthenticationandauthorization;
anotherdirectoryservicethatisusedbyaPKIproductforremoteaccessthroughavirtualprivatenetwork(VPN);
awhitepagesdirectoryservice;
and,mostlikely,anotherdirectoryservicethatsupportsextranetorWebSSO.Furthermore,itiscommonfororganizationstodeploymultipledirectoryservicesandtousedirectoryservicesthatarebasedondifferentdirectorytechnologies.Forexample,anorganization’sNOSdirectorymightbebasedonActiveDirectory,whilethePKIdirectoryisbasedonanX.500directory,andthewhitepagesandline-of-businessdirectoriesarebasedonyetanotherdirectorytechnology.
IfeachofthesedifferentdirectoriesisbasedonLDAP,theobviousquestionisthis:
Whyhaven’torganizationsbeenabletostandardizeononedirectorytechnology?
Theanswerliesinseveralobstacles:
∙Lackofdirectoryinteroperability.Manydirectoryservicessimplydonotoperatewitheachother.AhistoricalexampleistheoriginalX.500directorythatdidnotsupportLDAP.Eventoday,someproductsthatimplementadirectorydonotsupportLDAPorotherwidelyusedprotocols.
∙Lackofchoice.Somevendorsshipsolutionsthatarecertifiedtoworkwithonlyalimitedsubsetofthedirectoryservicesthatareinusetoday.Acustomerofthesevendorsmaybeforced,forsupportreasons,toimplementadirectoryservicethatisnotalreadyusedinthatcustomer’sorganization.
∙Lackofcoordination.Insomecases,groupsthatareisolatedfromoneanotherinanorganizationinstalldifferentbusinesssolutions.Thiscanresultinthedeploymentofmultipledirectorytechnologies.
∙Lackofsecurityinteroperability.Businesssolutionsseldomallowtheuseofidentitycredentialsthatarestoredinadirectoryservicebutthatarenotassociatedwiththosespecificsolutions.Thismeans,onceagain,deployingevenmoredirectoryservicestoactasthesecurecredentialstoresforeachindividualbusinesssolution.
Manyorganizationsareonlynowstartingtocometogripswiththehiddencoststhatareassociatedwiththeproliferationofmultipledirectorytechnologies.Thesecostsincludethefollowing:
∙Increasedsecurityrisk.Asbusinesssolutionsthatrelyondirectoriesproliferate,itbecomesincreasinglychallengingtoensurethatthesesolutionsintegrateeffectivelywithbusinessprocesses.Asemployees,partners,contractors,orcustomersinitiateorchangetheirrelationshipswithanorganization,itiscrucialthattheiraccesstoVPN,PKI,NOS,orotherbusinesssolutionsisinitiatedorchangedimmediately.Whenmanagementoverheadcausesslowinitiation,productivityisaffected.Ontheotherhand,whenchangesarenotquicklyreflectedinthevariousdirectories,asecurityriskdevelops,whichcouldallowanunauthorizedindividualtohaveaccesstothenetwork.
∙Highcostofownership.Everybusinesssolutionthatisbasedonadifferentdirectorytechnologyrequiresthefollowing:
∙Astaffthatistrainedonthatdirectorytechnology
∙Differentoperationalandadministrativeprocedures
∙Maintenanceofadditionalsoftwarelicensesandseparatesupportagreements
∙Increasedcostofsuccess.Somedirectorytechnologiesarelicensedaccordingtothenumberofobjectsthatarecreatedinthedirectories.Thismeansthatlicensingandmaintenancecostsstartspiralingupwardasabusinesssolutionbecomesmoreandmoresuccessful.Today,thissituationaffectsorganizationsplanningtodeployextranetaccessmanagementsolutionsthatareintendedtoservicemillionsofcustomers.
∙Lackofbusinessprocessintegration.Directoryinformationcanbevolatile.Asusersmovefromonegrouptoanother,changeofficelocationsortelephonenumbers,andchangenamesorjobtitles,theirinformationmustbeupdatedinthedirectory.Ifthisinformationisreliedonbyotherbusinesssolutionsthathavedifferentdirectories,theotherdirectoriesmustalsobeupdated.Withoutanautomatedprocesstomakethesechanges,databecomesstaleandunsynchronizedacrossidentitystores.
WhatorganizationsreallyneedisadirectorythattheycandeploytosupportboththeirNOSinfrastructureandtheirapplicationsthatcan,whereappropriate,takeadvantageofthesecuritythatisbuiltintotheNOSinfrastructure.ActiveDirectoryApplicationModeachievesthisgoalwithouttheburdenofexpensivetraining,additionallicensing,oroperationalcoststhatcanbeincurredbytheinstallationofanadditionaldirectorytechnologytosupportdirectory-enabledapplications.
ActiveDirectoryApplicationModeisanewcapabilityinActiveDirectorythataddressescertaindeploymentscenariosthatarerelatedtodirectory-enabledapplications.ADAMrunsasanon-operating-systemservice,and,assuch,itdoesnotrequiredeploymentonadomaincontroller.Runningasanon-operating-systemservicemeansthatmultipleinstancesofADAMcanrunconcurrentlyonasingleserver,andeachinstancecanbeconfiguredindependently.
ActiveDirectoryApplicationModerepresentsabreakthroughindirectoryservicestechnologythatovercomesthepreviouslymentionedobstacles,maintainsflexibility,andhelpsorganizationsavoidincreasedinfrastructurecosts.
SimplicityofApplicationMode
Manyapplicationsrequireonlyasimpleapplicationdirectory.Theinformationthatisstoredinthisdirectorymightbeneithergloballyinterestingnorneedingwidereplication.ThisinformationmightrequireadifferentservicelevelthantheservicelevelthatisofferedbyexistingdomaincontrollershostinganNOSdirectory.Forexample,dataforanapplicationmightcontainhighlyvolatileinformation,causinghighreplicationtrafficthatcouldstrainnetworkresourcesifitisstoredintheNOSdirectory.Insuchcases,ActiveDirectoryApplicationModeprovidesalocationfortheapplicationdataandsatisfiesthededicatedstorerequirementsoftheapplication.
Applicationdirectoriesevolveovertime:
businessrequirementschange,forcingchangesindirectoryschemasorconfigurations.ActiveDirectoryApplicati
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- Introduction to Active Directory Application Mode
链接地址:https://www.bdocx.com/doc/22378700.html