ADAM:security implications

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have a third party application that serves thousands of users. The goal is
let such application use my existing Windows AD accounts and therefore take
advantage of a single sign-on, same password, etc instead of creating new
logins only dedicated for such application.

According to the vendor of such product the integration AD<--> third-party
app would be setup using ADAM (what requires an ODBC connection to access AD
if I recall correctly).

What's the security implications when using ADAM ?
3 answers Last reply
More about adam security implications
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    AD/AM doesn't need an ODBC connection to AD.

    The question however is, do they figure you are going to sync all of the
    principals from AD into AD/AM or are they planning on binding to AD/AM with AD
    principals? If the former, it means extra work for syncing which I am not sure I
    would buy into unless there was some reason the app shouldn't hit AD for auth
    directly.

    joe

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    www.joeware.net


    Magoo wrote:
    > I have a third party application that serves thousands of users. The goal is
    > let such application use my existing Windows AD accounts and therefore take
    > advantage of a single sign-on, same password, etc instead of creating new
    > logins only dedicated for such application.
    >
    > According to the vendor of such product the integration AD<--> third-party
    > app would be setup using ADAM (what requires an ODBC connection to access AD
    > if I recall correctly).
    >
    > What's the security implications when using ADAM ?
    >
    >
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Thanks. Isn't MIIS the tool appropriate to let me sync accounts/passwords
    across systems if I already have a heck of AD structure in place ? Any good
    reason to use ADAM instead ?


    "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
    news:eAJ$Ue0RFHA.3988@tk2msftngp13.phx.gbl...
    > AD/AM doesn't need an ODBC connection to AD.
    >
    > The question however is, do they figure you are going to sync all of the
    > principals from AD into AD/AM or are they planning on binding to AD/AM
    with AD
    > principals? If the former, it means extra work for syncing which I am not
    sure I
    > would buy into unless there was some reason the app shouldn't hit AD for
    auth
    > directly.
    >
    > joe
    >
    > --
    > Joe Richards Microsoft MVP Windows Server Directory Services
    > www.joeware.net
    >
    >
    > Magoo wrote:
    > > I have a third party application that serves thousands of users. The
    goal is
    > > let such application use my existing Windows AD accounts and therefore
    take
    > > advantage of a single sign-on, same password, etc instead of creating
    new
    > > logins only dedicated for such application.
    > >
    > > According to the vendor of such product the integration AD<-->
    third-party
    > > app would be setup using ADAM (what requires an ODBC connection to
    access AD
    > > if I recall correctly).
    > >
    > > What's the security implications when using ADAM ?
    > >
    > >
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    AD/AM doesn't sync anything by itself, it is an LDAP Server, a repository. You
    can use MIIS, IFP, or the up and coming AD/AM Sync to sync things from AD to
    AD/AM. However, you shouldn't have to sync anything to AD/AM if this is only
    about authentication on the internal LAN. The application should be able to
    authenticate directly against AD.

    joe


    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    www.joeware.net


    Magoo wrote:
    > Thanks. Isn't MIIS the tool appropriate to let me sync accounts/passwords
    > across systems if I already have a heck of AD structure in place ? Any good
    > reason to use ADAM instead ?
    >
    >
    > "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
    > news:eAJ$Ue0RFHA.3988@tk2msftngp13.phx.gbl...
    >
    >>AD/AM doesn't need an ODBC connection to AD.
    >>
    >>The question however is, do they figure you are going to sync all of the
    >>principals from AD into AD/AM or are they planning on binding to AD/AM
    >
    > with AD
    >
    >>principals? If the former, it means extra work for syncing which I am not
    >
    > sure I
    >
    >>would buy into unless there was some reason the app shouldn't hit AD for
    >
    > auth
    >
    >>directly.
    >>
    >> joe
    >>
    >>--
    >>Joe Richards Microsoft MVP Windows Server Directory Services
    >>www.joeware.net
    >>
    >>
    >>Magoo wrote:
    >>
    >>>I have a third party application that serves thousands of users. The
    >
    > goal is
    >
    >>>let such application use my existing Windows AD accounts and therefore
    >
    > take
    >
    >>>advantage of a single sign-on, same password, etc instead of creating
    >
    > new
    >
    >>>logins only dedicated for such application.
    >>>
    >>>According to the vendor of such product the integration AD<-->
    >
    > third-party
    >
    >>>app would be setup using ADAM (what requires an ODBC connection to
    >
    > access AD
    >
    >>>if I recall correctly).
    >>>
    >>>What's the security implications when using ADAM ?
    >>>
    >>>
    >
    >
    >
Ask a new question

Read More

Security Active Directory Windows