Active Directory Application Mode

As a software developer I’ve stayed far away from anything having to do with Active Directory. That’s for the network guys! That’s what I’ve always thought at least, until last week.

That’s when I began doing some research for an application’s Authentication and Authorization system. I kept coming back to the Microsoft recommended approach of storing application user information in a directory service, but I didn’t want to have the application require an Active Directory or, worse, require customers to apply schema changes to their AD (something I’d expect to be met with a lot of resistance).

Then I discovered Active Directory Application Mode, ADAM for short. It provides essentially the same functionality (from an application’s viewpoint) as its big brother – you can extend the schema with custom classes and attributes, assign security rights, authenticate users, etc., all without impacting an organization’s infrastructure.

Now an application can be installed with its own directory service. Regarding users, it can be its own user store (ADAM Users) and/or reference domain accounts. This is exactly the functionality we need: the ability to have domain and non-domain accounts co-exist in a clean manner, with the ability to store information on each without requiring the customer to change their AD schema. I’m very excited about using ADAM; it seems to fit exactly where we need it and should supply a solid (and standard) foundation for our Authorization and Authentication system. Pretty cool if you ask me.