ADAM: security implications

magoo

May 28, 2004
Archived from groups: microsoft.public.win2000.active_directory

I have a third-party application that serves thousands of users. The goal is
to let such application use my existing Windows AD accounts and therefore take
advantage of a single sign-on, same password, etc. instead of creating new
logins only dedicated for such application.

According to the vendor of such product the integration AD<--> third-party
app would be set up using ADAM (which requires an ODBC connection to access AD
if I recall correctly).

What are the security implications when using ADAM?
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

AD/AM doesn't need an ODBC connection to AD.

The question however is, do they figure you are going to sync all of the
principals from AD into AD/AM or are they planning on binding to AD/AM with AD
principals? If the former, it means extra work for syncing which I am not sure I
would buy into unless there was some reason the app shouldn't hit AD for auth
directly.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


 

magoo
Archived from groups: microsoft.public.win2000.active_directory

Thanks. Isn't MIIS the appropriate tool to let me sync accounts/passwords
across systems if I already have a heck of AD structure in place? Any good
reason to use ADAM instead?
 
Guest
Archived from groups: microsoft.public.win2000.active_directory

AD/AM doesn't sync anything by itself; it is an LDAP server, a repository. You
can use MIIS, IFP, or the up and coming AD/AM Sync to sync things from AD to
AD/AM. However, you shouldn't have to sync anything to AD/AM if this is only
about authentication on the internal LAN. The application should be able to
authenticate directly against AD.

joe




--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net

