ADAM:security implications
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.active_directory (More info?)
I have a third party application that serves thousands of users. The goal is
let such application use my existing Windows AD accounts and therefore take
advantage of a single sign-on, same password, etc instead of creating new
logins only dedicated for such application.
According to the vendor of such product the integration AD<--> third-party
app would be setup using ADAM (what requires an ODBC connection to access AD
if I recall correctly).
What's the security implications when using ADAM ?
I have a third party application that serves thousands of users. The goal is
let such application use my existing Windows AD accounts and therefore take
advantage of a single sign-on, same password, etc instead of creating new
logins only dedicated for such application.
According to the vendor of such product the integration AD<--> third-party
app would be setup using ADAM (what requires an ODBC connection to access AD
if I recall correctly).
What's the security implications when using ADAM ?
More about : adam security implications
Archived from groups: microsoft.public.win2000.active_directory (More info?)
AD/AM doesn't need an ODBC connection to AD.
The question however is, do they figure you are going to sync all of the
principals from AD into AD/AM or are they planning on binding to AD/AM with AD
principals? If the former, it means extra work for syncing which I am not sure I
would buy into unless there was some reason the app shouldn't hit AD for auth
directly.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Magoo wrote:
> I have a third party application that serves thousands of users. The goal is
> let such application use my existing Windows AD accounts and therefore take
> advantage of a single sign-on, same password, etc instead of creating new
> logins only dedicated for such application.
>
> According to the vendor of such product the integration AD<--> third-party
> app would be setup using ADAM (what requires an ODBC connection to access AD
> if I recall correctly).
>
> What's the security implications when using ADAM ?
>
>
AD/AM doesn't need an ODBC connection to AD.
The question however is, do they figure you are going to sync all of the
principals from AD into AD/AM or are they planning on binding to AD/AM with AD
principals? If the former, it means extra work for syncing which I am not sure I
would buy into unless there was some reason the app shouldn't hit AD for auth
directly.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Magoo wrote:
> I have a third party application that serves thousands of users. The goal is
> let such application use my existing Windows AD accounts and therefore take
> advantage of a single sign-on, same password, etc instead of creating new
> logins only dedicated for such application.
>
> According to the vendor of such product the integration AD<--> third-party
> app would be setup using ADAM (what requires an ODBC connection to access AD
> if I recall correctly).
>
> What's the security implications when using ADAM ?
>
>
Archived from groups: microsoft.public.win2000.active_directory (More info?)
Thanks. Isn't MIIS the tool appropriate to let me sync accounts/passwords
across systems if I already have a heck of AD structure in place ? Any good
reason to use ADAM instead ?
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:eAJ$Ue0RFHA.3988@tk2msftngp13.phx.gbl...
> AD/AM doesn't need an ODBC connection to AD.
>
> The question however is, do they figure you are going to sync all of the
> principals from AD into AD/AM or are they planning on binding to AD/AM
with AD
> principals? If the former, it means extra work for syncing which I am not
sure I
> would buy into unless there was some reason the app shouldn't hit AD for
auth
> directly.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Magoo wrote:
> > I have a third party application that serves thousands of users. The
goal is
> > let such application use my existing Windows AD accounts and therefore
take
> > advantage of a single sign-on, same password, etc instead of creating
new
> > logins only dedicated for such application.
> >
> > According to the vendor of such product the integration AD<-->
third-party
> > app would be setup using ADAM (what requires an ODBC connection to
access AD
> > if I recall correctly).
> >
> > What's the security implications when using ADAM ?
> >
> >
Thanks. Isn't MIIS the tool appropriate to let me sync accounts/passwords
across systems if I already have a heck of AD structure in place ? Any good
reason to use ADAM instead ?
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:eAJ$Ue0RFHA.3988@tk2msftngp13.phx.gbl...
> AD/AM doesn't need an ODBC connection to AD.
>
> The question however is, do they figure you are going to sync all of the
> principals from AD into AD/AM or are they planning on binding to AD/AM
with AD
> principals? If the former, it means extra work for syncing which I am not
sure I
> would buy into unless there was some reason the app shouldn't hit AD for
auth
> directly.
>
> joe
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Magoo wrote:
> > I have a third party application that serves thousands of users. The
goal is
> > let such application use my existing Windows AD accounts and therefore
take
> > advantage of a single sign-on, same password, etc instead of creating
new
> > logins only dedicated for such application.
> >
> > According to the vendor of such product the integration AD<-->
third-party
> > app would be setup using ADAM (what requires an ODBC connection to
access AD
> > if I recall correctly).
> >
> > What's the security implications when using ADAM ?
> >
> >
Archived from groups: microsoft.public.win2000.active_directory (More info?)
AD/AM doesn't sync anything by itself, it is an LDAP Server, a repository. You
can use MIIS, IFP, or the up and coming AD/AM Sync to sync things from AD to
AD/AM. However, you shouldn't have to sync anything to AD/AM if this is only
about authentication on the internal LAN. The application should be able to
authenticate directly against AD.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Magoo wrote:
> Thanks. Isn't MIIS the tool appropriate to let me sync accounts/passwords
> across systems if I already have a heck of AD structure in place ? Any good
> reason to use ADAM instead ?
>
>
> "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
> news:eAJ$Ue0RFHA.3988@tk2msftngp13.phx.gbl...
>
>>AD/AM doesn't need an ODBC connection to AD.
>>
>>The question however is, do they figure you are going to sync all of the
>>principals from AD into AD/AM or are they planning on binding to AD/AM
>
> with AD
>
>>principals? If the former, it means extra work for syncing which I am not
>
> sure I
>
>>would buy into unless there was some reason the app shouldn't hit AD for
>
> auth
>
>>directly.
>>
>> joe
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory Services
>>www.joeware.net
>>
>>
>>Magoo wrote:
>>
>>>I have a third party application that serves thousands of users. The
>
> goal is
>
>>>let such application use my existing Windows AD accounts and therefore
>
> take
>
>>>advantage of a single sign-on, same password, etc instead of creating
>
> new
>
>>>logins only dedicated for such application.
>>>
>>>According to the vendor of such product the integration AD<-->
>
> third-party
>
>>>app would be setup using ADAM (what requires an ODBC connection to
>
> access AD
>
>>>if I recall correctly).
>>>
>>>What's the security implications when using ADAM ?
>>>
>>>
>
>
>
AD/AM doesn't sync anything by itself, it is an LDAP Server, a repository. You
can use MIIS, IFP, or the up and coming AD/AM Sync to sync things from AD to
AD/AM. However, you shouldn't have to sync anything to AD/AM if this is only
about authentication on the internal LAN. The application should be able to
authenticate directly against AD.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Magoo wrote:
> Thanks. Isn't MIIS the tool appropriate to let me sync accounts/passwords
> across systems if I already have a heck of AD structure in place ? Any good
> reason to use ADAM instead ?
>
>
> "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
> news:eAJ$Ue0RFHA.3988@tk2msftngp13.phx.gbl...
>
>>AD/AM doesn't need an ODBC connection to AD.
>>
>>The question however is, do they figure you are going to sync all of the
>>principals from AD into AD/AM or are they planning on binding to AD/AM
>
> with AD
>
>>principals? If the former, it means extra work for syncing which I am not
>
> sure I
>
>>would buy into unless there was some reason the app shouldn't hit AD for
>
> auth
>
>>directly.
>>
>> joe
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory Services
>>www.joeware.net
>>
>>
>>Magoo wrote:
>>
>>>I have a third party application that serves thousands of users. The
>
> goal is
>
>>>let such application use my existing Windows AD accounts and therefore
>
> take
>
>>>advantage of a single sign-on, same password, etc instead of creating
>
> new
>
>>>logins only dedicated for such application.
>>>
>>>According to the vendor of such product the integration AD<-->
>
> third-party
>
>>>app would be setup using ADAM (what requires an ODBC connection to
>
> access AD
>
>>>if I recall correctly).
>>>
>>>What's the security implications when using ADAM ?
>>>
>>>
>
>
>
Related ressources:
- ForumSecurity Implications of WMP10 "Display Media Info from In..
- ForumAD to ADAM migration
- ForumImplications of "do not use proxy settings for these addre..
- ForumImplications when users auto-reset passwords via a webform
- ForumVideo formats - ripping to fileserver
- ForumSecurity key
- ForumNotifiying Away on Holiday Emails
- ForumTiger $50.00
- ForumAirline Pilots Allowed to Dodge Security Screening
- Forumintel in 50 years
- ForumSecurity and USB programme
- Forumnew patch?
- Forumconcerns about jumbo frames
- ForumA survey on password security for a class
- Forumbroadband security
- ForumMicrosoft Security Bulletin MS04-030 - fix fix fix fix fix
- Forumsecurity issues
- ForumParallel and com ports not appearing in device manager
- Forumsecurity on OUs
- ForumSecurity policies are propagated with warning. 0xd : The d..
- More resources
!
