Windows Tips & Tricks UPDATE--August 30, 2004

Windows Tips & Tricks UPDATE, August 30, 2004, brought to you by the Windows & .NET Magazine Network and the Windows 2000 FAQ site
http://www.windows2000faq.com



This Issue Sponsored By

Real-Time Monitoring with ELM Enterprise Manager
http://www.tntsoftware.com/wintipsec083004

Windows Scripting Solutions
http://www.winscriptingsolutions.com/rd.cfm?code=fsep264xup


Sponsor: Real-Time Monitoring with ELM Enterprise Manager

Managing your systems without real-time monitoring is like driving 200MPH blindfolded, you don't know there is a problem until it's too late! ELM Enterprise Manager from TNT Software gives you the Power-to-See the health and status of your systems at a single glance AND alerts you in time to take prompt corrective action. Download ELM Enterprise Manager NOW and start your FREE 30-day test drive. Experience the benefits of real-time monitoring with ELM Enterprise Manager.
http://www.tntsoftware.com/wintipsec083004


FAQs

  • Q. What's Active Directory Application Mode (ADAM)?
  • Q. How can I install Active Directory Application Mode (ADAM)?
  • Q. How can I add an Active Directory Application Mode (ADAM) replica to an existing ADAM instance?
  • Q. How can I verify that my Active Directory Application Mode (ADAM) partition replica addition worked?
  • Q. How can I create an object under Active Directory Application Mode (ADAM)?

Commentary
by John Savill, FAQ Editor, [email protected]

This week, I explain what Active Directory Application Mode (ADAM) is and how to install it. I also tell you how to add an ADAM replica to an existing ADAM instance, how to verify that an ADAM partition replica addition worked, and how to create an object under ADAM.


Sponsor: Windows Scripting Solutions

Try a Sample Issue of Windows Scripting Solutions
Windows Scripting Solutions is the monthly newsletter from Windows & .NET Magazine that shows you how to automate time-consuming, administrative tasks by using our simple downloadable code and scripting techniques. Sign up for a sample issue right now, and find out how you can save both time and money. Click here!
http://www.winscriptingsolutions.com/rd.cfm?code=fsep264xup


FAQs

Q. What's Active Directory Application Mode (ADAM)?

A. ADAM, which was introduced with Windows Server 2003, addresses requirements of directory-enabled applications that don't need to store their data in Active Directory (AD) but could still benefit from the security and authentication AD can offer. For example, an application might have to store a large amount of information that other applications don't need or that doesn't need to be replicated to every domain controller (DC). ADAM uses a separate database that has many of AD's features (e.g., schema, replication, management) but is totally separate from AD. This separate database means that you can have a separate schema for each ADAM instance--a feature that can be useful for testing. Like AD, ADAM offers a Lightweight Directory Access Protocol (LDAP) interface that lets LDAP- and AD-based applications seamlessly use ADAM.

Say you need to store a large amount of extra information about your users for an application or a portal. Typically, you'd have to change the AD schema to enable this information to be stored in AD. But, because the AD schema is forestwide, you might hesitate to change it. Instead of changing the schema, you can create an ADAM instance to store all the extra attributes for the users. The application or portal could authenticate against AD, then look up the additional information in ADAM.

ADAM runs as a nonsystem service and doesn't have to run on a DC. And because it's a nonsystem service, you can have multiple instances of ADAM running on one box. (However, you must configure each instance to listen on a unique LDAP port--for example, only one instance could use the default ports 389 and 636.) The following platforms support ADAM:

  • Windows Server 2003, Standard Edition
  • Windows Server 2003, Enterprise Edition
  • Windows Server 2003, Datacenter Edition
  • Windows XP Professional Edition Service Pack 1 (SP1)

Windows Server 2003, Web Edition doesn't support ADAM; however, you can install ADAM on Windows XP SP1 and above, which is useful for developer testing.

Many tools you use for AD management also apply to ADAM, such as the Repadmin command, the Microsoft Management Console (MMC) ADSI Edit snap-in, and LDP. ADAM also offers its own ADAM-specific tools such as Dsdbutil (ADAM's version of Ntdsutil) and Dsmgmt. For more information about ADAM, as well as the downloadable files you need to install it, go to http://www.microsoft.com/windowsserver2003/adam/default.mspx.

Q. How can I install Active Directory Application Mode (ADAM)?

A. Download the ADAM installation file at http://www.microsoft.com/windowsserver2003/adam/default.mspx and execute it. The file self-expands to a folder you select. Navigate to the selected folder and perform the following steps:

  1. Double-click adamsetup.exe.
  2. At the "Welcome to the Active Directory Application Mode Setup Wizard" screen, click Next.
  3. Select the "I accept the terms in the license agreement" option and click Next.
  4. Under the installation options, select to install "ADAM and ADAM administration tools" and click Next.
  5. In the window that the figure at http://www.windowsitpro.com/content/content/43843/adaminst1.gif shows, you can select the type of instance to create--a new unique instance or a replica of an existing instance. Select the "A unique instance" option and click Next.
  6. Enter the instance name for this ADAM installation. This name, with the prefix ADAM_ added to it, names the service; for example, if you enter the name portal1, the service name is ADAM_portal1. Click Next to display the window that the figure at http://www.windowsitpro.com/content/content/43843/adaminst2.gif shows.
  7. Next, you must specify the Lightweight Directory Access Protocol (LDAP) ports to use. By default, the ports are 389 for regular communications and 636 for Secure Sockets Layer (SSL)-encrypted LDAP communications. If you're installing ADAM on an existing domain controller (DC), these ports are already in use, so you'll have to select other ports. Also, if you're installing a second instance of ADAM on a system and the first instance already uses ports 389 and 636, you'll need to select different port numbers. The recommended custom ports start at 50000, so you could use 50000 for LDAP and 50001 for SSL. Enter your port numbers and click Next.
  8. You're then asked whether you want to create an application partition. If you select "Yes, create an application directory partition", you must enter a valid partition name--for example,
    "cn=App1,o=Savilltech,c=US"
    Click Next.
  9. Choose the location for the database files and recovery files. You can accept the defaults (C:\program files\microsoft adam\\data) or enter a custom location. Click Next.
  10. Specify the account to run the ADAM service. In most cases you can use the default, "Network service account." Click Next. When the machine on which you're installing ADAM isn't in a domain and you select the Network service account, the wizard tells you that ADAM won't be able to replicate with other machines.
  11. Next, you're prompted to specify the ADAM default administrator. By default, this is the current user; alternatively, you can select "This account" and specify a different user or group--for example, the Domain Admins group. Click Next.
  12. At the window that the figure at http://www.windowsitpro.com/content/content/43843/adaminst4.gif shows, you can select the LDAP Data Interchange Format (LDIF) files to load. LDIF files define attributes and classes that will be added to your schema. For example, you can add the MS-InetOrgPerson type (i.e., the InetOrgPerson user definition). Select the "Import the selected LDIF files for this instance of ADAM" option, add the .ldf files you want to import to the "Selected LDIF files" list, and click Next.
  13. At the summary screen, click Next.
  14. After the ADAM installation is done, click Finish.

ADAM is now installed. You can check your installation by starting the ADAM ADSI Edit tool and making sure you can connect. If you run the command

net start

at a command prompt, you'll see a service listed that's the name of your instance (without the ADAM_ prefix). If you received an error during installation about creating a folder in the \windows\adam folder, simply manually create an empty \adam folder under the \windows folder and retry the installation.

Q. How can I add an Active Directory Application Mode (ADAM) replica to an existing ADAM instance?

A. ADAM lets you replicate partitions between ADAM servers. Like trees in an AD forest, the ADAM servers must share a common configuration and schema to replicate a partition. To add a replica to an existing ADAM instance, perform the following steps:

  1. Double-click adamsetup.exe.
  2. At the "Welcome to the Active Directory Application Mode Setup Wizard" screen, click Next.
  3. Select the "I accept the terms in the license agreement" option and click Next.
  4. Under the installation options, select to install "ADAM and ADAM administration tools" and click Next.
  5. You can now select the type of instance to create--a new unique instance or a replica of an existing instance. Select the "A replica of an existing instance" option and click Next.
  6. Enter the instance name for this ADAM installation. This name, with the prefix ADAM_ added to it, names the service--for example, if you enter the name portal1, the service name is ADAM_portal1. Click Next. To simplify matters, you might want to give this instance the same name as the instance you're replicating from.
  7. Next, you're asked to specify the Lightweight Directory Access Protocol (LDAP) ports to use. Enter the port numbers you want and click Next. For more information about LDAP ports, see the FAQ "How can I install Active Directory Application Mode (ADAM)?".
  8. At the window that the figure at http://www.windowsitpro.com/content/content/43843/adamreplicaadd1.gif shows, enter the existing server name and the number of its LDAP port that you want to join. (Specify a host or DNS name for the server name, not an IP address.) Click Next.
  9. You're asked for credentials to be used to add this ADAM instance to the existing configuration set. Either select the current logged-on account or enter an account to use; click Next.
  10. A list of partitions that are available on the existing ADAM server is displayed. Select the partitions you want to replicate and click Next.
  11. Proceed with the steps as if you're performing a unique ADAM installation, as described in "How can I install Active Directory Application Mode (ADAM)?".

Q. How can I verify that my Active Directory Application Mode (ADAM) partition replica addition worked?

A. On the replica server, open the ADAM version of the Microsoft Management Console (MMC) ADSI Edit snap-in (Start, Programs, ADAM, ADAM ADSI Edit) and connect to the replicated partition by following these steps:

  1. Start the ADAM ADSI Edit tool on the replica server.
  2. Right-click the ADAM ADSI Edit root in the treeview pane and select "Connect to."
  3. Enter a connection name and leave the server name as localhost and the port as 389 (unless you changed the port during installation).
  4. Under "Connect to the following node," select the "Distinguished name (DN) or naming context" option, which the figure at http://www.windowsitpro.com/content/content/43843/adamconnectpart.gif shows, and enter the name of the partition you've replicated.
  5. Click OK.

If the replica addition works, ADSI Edit should now display the contents of your partition. It's a good idea to create an object in one copy of the replica and make sure it's replicated to the other members of the replica set. If the partition isn't cached, it hasn't replicated. If this occurs, you could try stopping and starting the ADAM service on the replica system, then try to reconnect.

Q. How can I create an object under Active Directory Application Mode (ADAM)?

A. Because ADAM is primarily used by applications, each application that uses an ADAM instance typically creates and manages the objects within it. However, you can use the Microsoft Management Console (MMC) ADAM ADSI Edit tool to create objects, although doing so on a large scale isn't advisable because it's time-consuming. To use the ADAM ADSI Edit tool to create objects, perform these steps:

  1. Start the ADAM ADSI Edit tool.
  2. Right-click the ADAM ADSI Edit root in the treeview pane and select "Connect to."
  3. Enter a connection name and leave the server name as localhost and the port as 389 (unless you changed the port during installation).
  4. Under "Connect to the following node," select the "Distinguished name (DN) or naming context" option and enter the partition name.
  5. Right-click the partition name or a container within it and select New, Object from the context menu, which the figure at http://www.windowsitpro.com/content/content/43843/adamcreateobj1.gif shows.
  6. A dialog box appears that contains a list of the available object types you can create. (The list contents vary depending on which LDAP Data Interchange Format--LDIF--files you loaded into ADAM.) Select an object type (e.g., user) and click Next.
  7. Enter the object's name (i.e., the cn value)--for example, John Savill--and click Next.
  8. You can now either click Finish or click More Attributes, which lets you set values for optional attributes. Set any attributes as required, then click Finish.
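
The replication check recommended in the replica-verification FAQ (create an object in one copy and confirm it reaches the other), together with scripted object creation, can be automated. The following PowerShell script is an added example, not part of the original newsletter. The source host name `adam1.example.com`, its port, and the marker object name are assumptions; the partition name is the sample from the installation FAQ, and the script must run under an account with write access to that partition.

```powershell
# Added example: names below are assumptions, not values from the newsletter,
# except the partition DN, which is the sample used in the installation FAQ.
$Source    = 'adam1.example.com:50000'    # hypothetical existing instance (host:LDAP port)
$Replica   = 'localhost:389'              # new replica instance
$Partition = 'cn=App1,o=Savilltech,c=US'
$Marker    = 'CN=ReplCheck-' + (Get-Date -Format 'yyyyMMddHHmmss')   # throwaway object name

function Test-PartitionHosted {
    param([string]$Server, [string]$PartitionDn)
    # RootDSE's namingContexts attribute lists every partition the instance holds.
    $rootDse = [ADSI]"LDAP://$Server/RootDSE"
    return [bool]($rootDse.namingContexts | Where-Object { $_ -ieq $PartitionDn })
}

function Wait-ForObject {
    param([string]$Server, [string]$Dn, [int]$TimeoutSec = 300)
    # Poll until the object appears on the server or the timeout expires.
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        if ([System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$Server/$Dn")) { return $true }
        Start-Sleep -Seconds 10
    }
    return $false
}

foreach ($server in $Source, $Replica) {
    if (-not (Test-PartitionHosted $server $Partition)) {
        throw "$server does not list $Partition in namingContexts"
    }
}

# Create a container object on the source instance (binds as the logged-on user,
# who must have write access to the partition).
$parent = [ADSI]"LDAP://$Source/$Partition"
$obj = $parent.Create('container', $Marker)
$obj.SetInfo()

try {
    if (Wait-ForObject $Replica "$Marker,$Partition") {
        "Replication OK: $Marker arrived on $Replica"
    } else {
        "Replication FAILED: $Marker not on $Replica within the timeout"
    }
} finally {
    # Remove the marker from the source; the deletion replicates as well.
    $parent.Delete('container', $Marker)
}
```

The script uses the `container` class so that it does not depend on which LDIF files were imported during setup.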

Announcements
(from Windows & .NET Magazine and its partners)

  • Microsoft Exchange Connections October 24-27 in Orlando, FL

  • Microsoft and Windows & .NET Magazine team up to produce the essential conference for network administrators and IT managers on Exchange Server and Outlook technology. Register early, and attend sessions at concurrently run Windows Connections for free. See the complete conference brochure online or call 800-505-1201 for more information.
    http://www.winconnections.com

  • From Chaos to Control: Using Service Management to Reclaim Your Life

  • Take control of your workday! If you are supporting 24 x 7 operations by working around the clock instead of 9 to 5, learn how you can benefit from a sound service-management strategy. In this free Web seminar, you'll learn practical steps for implementing service management for your key Windows systems and applications. Register now!
    http://www.winnetmag.com/seminars/servicemanagement/index.cfm?code=0830emailannc

  • Are You Using Best Practices When Managing Software Packaging and Predeployment Preparation?

  • In this free Web seminar, you'll learn best practices for managing software packaging and predeployment preparation. Discover how your organization can benefit from managing the workflow of the predeployment process to cut time and costs. Plus, you'll learn about different business scenarios that show ROI improvements from accurate workflow management. Register now!
    http://www.winnetmag.com/seminars/softwaredeployment/index.cfm?code=0830emailannc

    Events Central
    (A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events )

  • Free Roadshow Event in Your City Soon--HP Wireless & Mobility Roadshow 2004

  • In this free roadshow, you'll discover trends in the wireless and mobility industry and come away with a better understanding of wireless and mobility solutions. And, talk firsthand about your wireless projects with leaders in the industry. See proven wireless and mobile solutions in action. Register now!
    http://www.winnetmag.com/roadshows/mobilewireless/index.cfm?code=0830emailannc

    Contact Us
    Here's how to reach us with your comments and questions:

    Contact Our Sponsors
    Primary Sponsor:
    TNT Software -- http://www.tntsoftware.com -- 1-360-546-0878

    This weekly email newsletter is brought to you by Windows & .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
    http://www.winnetmag.com/sub.cfm?code=wswi201x1z

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email
