Getting Started with ADAM

If you have gotten this far, I have likely convinced you that there is merit in building a solution around ADAM. So how do you get started? First, you need the software.

ADAM only supports Windows XP and Windows 2003 (all editions except Web Edition), in both 32 and 64 bit versions. There are no other software requirements. It does not matter which security model of these operating systems you use (forest, domain, or workgroup). In general, the Windows XP support is for development, but that does not seem to be enforced. I would not want to deploy ADAM to production on anything except for Windows 2003.

Getting the software is simple. The ADAM Web site permits you to download the redistributable package fairly simply. There are four installers to be aware of:

• X86 Retail: The standard installer for development or self-hosting applications.
• X86 Redistributable: The installer for use with your application distribution.
• IA64 Retail: The 64 bit installer for development or self-hosting applications.
• IA64 Redistributable: The 64 bit installer for use with your application distribution.

There does not seem to be an AMD64 installer, though I would guess that it is forthcoming. Contact Microsoft directly if this is a pressing need.

Installing ADAM

Setting up ADAM requires a little knowledge of how LDAP works. Once you launch the installer and get past the license agreement, you are greeted with the first useful installation screen, as seen in Figure 3:

Figure 3: Selecting an Instance Type

Typically, you would install a unique instance, especially for development purposes. To create a replicated copy of another instance in your enterprise, you would select the second option.

Note that the replicated instance is much like Active Directory. All changes made to the new instance or the old instance will be propagated to both instances.

Next, you are asked to name the instance, as seen in Figure 4:

Figure 4: Naming the Instance

Each instance needs a unique name on a machine. This name is used to create the Windows Service for the instance. Since there can be multiple instances of ADAM on a single machine, it's very useful to make this name descriptive. Now, you must decide which port numbers your instance will listen on, as seen in Figure 5:

Figure 5: Picking Port Numbers

LDAP uses port 389 for normal traffic, and 636 for SSL traffic. Typically, you do not want to use these ports if your organization (or your client's organization) expects to use Active Directory or another LDAP implementation. I prefer to use numbers above the 1024 range and end them with the LDAP port numbers, to make it a bit clearer that these are, in fact, LDAP ports.

Next up: create an application directory partition for our data to live within, as seen in Figure 6:

Figure 6: Creating an Application Partition

Application directory partitions help segment multiple applications on a single instance of ADAM. Think of it as just a namespace to separate different data. The concept is much the same as a SQL Server database. Different partitions share common schema (as schema is particular to an instance of ADAM).

Next, the installer wants us to select a location for our data files, as seen in Figure 7:

Figure 7: Selecting a data location

This is different from Active Directory, in that the actual data files are readily apparent and can be backed up atomically as files (unlike in Active Directory). Normally, the default location is fine. The “Data Recovery Files” are simply files akin to the database log files, and they perform the same purpose. You may want to separate these onto different physical drives in production, as you would a SQL database.

You also need to specify an account to use for running the service, as Figure 8 shows:

Figure 8: Service Account Selection

Since ADAM runs as a service, you need to specify a service account. Typically, the Network service account is fine, and its limited permissions do not cause any problems.

Now that you know who the service will run as, you select who can actually administer ADAM (see Figure 9). I typically set this up to the machine or domain's Administrators group, so that all administrators can have access.

Figure 9: Selecting users or groups for ADAM Administration

You may select from several standard LDAP Interchange Files (LDIF) to import into the new schema, as seen in Figure 10:

Figure 10: Importing Standard Schemas

Generally, I choose to install all of these. The MS-User.LDF and MS-InetOrgPerson.LDF files are especially helpful if you'll use ADAM to store people and organizations.

At this point, ADAM will install. Once this process is complete, you have an ADAM instance to work with.

Now that we have an instance, let's write some code!