Microsoft ships beta of Active Directory 'light'

Microsoft late Wednesday night shipped the first public beta of its Active Directory "light" and will release the final code of the application-specific directory by the end of the month, according to company officials.

Active Directory Application Mode (ADAM) is designed to be a stand-alone version of the directory dedicated to a single application and maintained separate from a corporation's core Active Directory. ADAM is based on the Lightweight Directory Access Protocol (LDAP) and is an alternative to the standard full install of Active Directory, which is known as a network operating system (NOS) directory because of its tie-in with the Windows server operating system.

ADAM will provide corporate users a directory for Web-based and other applications and a place to store data specific to those applications so it cannot compromise the security or stability of their core corporate directory. While ADAM is deployed independent of the NOS directory it can tap into user authentication services offered by the NOS Active Directory or NT 4.0's NTLM technology.

In addition, ADAM's directory data is not replicated throughout a corporation's core NOS directory, which means ADAM can be changed and modified without corrupting the core NOS version of Active Directory.

"This is long overdue to have this capability," says Nelson Ruest, director of Resolutions Enterprises, a systems integrator in Quebec, Canada, and co-author of the recently published book "Windows Server 2003, Best Practices for Enterprise Deployments."

Ruest has made the Active Directory chapter of the book available free on his Web site. "It is critical for Microsoft to separate the NOS directory and the application directory. The NOS directory has to be stable and secure but when you make application schema changes they replicate everywhere and you can't ever get rid of them."

Ruest says schema changes can bring instability even though in Windows Server 2003 users can now decommission Active Directory schema, which is the language that defines the directory. But even if the data is decommissioned it remains and clutters up the directory.

ADAM finally gives network executives the flexibility to deploy a directory without having to set-up an entire Windows server operating system environment on a domain controller and activate services such as Kerberos, DNS or public-key infrastructure.

And it finally gives Microsoft an answer to Web-based directories from competitors including Sun ONE Directory Server and Novell eDirectory, which both have been preferred by network executives as Web-based directories.

"This is just a new mode of Active Directory," says Kannan Iyer, program manager for Microsoft, who presented details of ADAM during a session at the TechEd conference and installed a version of ADAM in under five minutes. "It has the same store technology, the same tools and the same storage management infrastructure as Active Directory. But it gives you local control, autonomous schema and naming flexibility."

Iyer said ADAM can be restarted and reinstalled without having to do a reboot and in multiple instances can run on a single machine.

ADAM runs on Windows Server 2003 and Windows XP, where it can be used by developers building directory-enabled applications. ADAM runs on 32-bit and 64-bit versions of the operating system. Microsoft is considering a version that will run on its Small Business Server, Iyer said.

Microsoft has not announced licensing and pricing, but Iyer said Microsoft will likely mimic the model for Active Directory, which is included in the approximately $2,000 price tag of the operating system. Users will have to have a client access license for internal users and a connector license for external users.