
AD Lite gets heavy into multiple instances

Jun 02, 2003 · 3 mins
Access Control, Enterprise Applications

* Active Directory, Application Mode

Sun ONE Directory Server, Novell’s eDirectory and even the open source OpenLDAP server all work on multiple platforms. Vendors of directory-enabled applications and services can be fairly confident that users will either have one of these directory services or can easily implement one. Microsoft has noticed this and evidently wants a piece of the action for Active Directory.

I mentioned Active Directory, Application Mode (or AD Lite as we like to call it) in the Windows newsletter last summer (see link below). Now that Windows Server 2003 has been released, AD Lite is also available (and a big thanks to Bruce Greenblatt at Directory Tools and Application Services for reminding me).

AD Lite allows a network manager to add a Windows Server 2003 box to a network running LDAP-enabled applications. Managers can also add services that can use the Win2K3 Active Directory as the LDAP repository without having to either add the AD instance to an existing directory tree or implement a new tree based on this instance.

Third-party software vendors and service providers like to write to the Windows platform. First, it’s almost ubiquitous. Second, the rich panoply of tools available to developers makes it an easier platform to design to than, say, Linux. These facts weren’t lost on developers of identity management products.

Over the past three years, many networks have instituted identity management projects based on applications running on Windows 2000 servers but using non-Microsoft directory services. Active Directory was simply too high maintenance to be used purely in application support. Sun ONE, eDirectory or OpenLDAP – all of which run on Windows 2000 – were much easier to implement and maintain. Microsoft did learn from this, and adapted.

According to Microsoft’s explanatory white paper (

“Active Directory Application Mode (ADAM) is a new capability of Microsoft Active Directory that addresses certain deployment scenarios related to directory-enabled applications. ADAM runs as a non-operating system service and, as such, does not require deployment on a domain controller. Running as a non-operating system service means that multiple instances of ADAM can run concurrently on a single server, with each instance being independently configurable.”

That’s right, multiple instances running on a single server that doesn’t have to be a domain controller.

It’s not multiple platform support. AD Lite isn’t quite in the same category as Sun ONE, eDirectory or even OpenLDAP. Nevertheless, AD Lite does give network managers – and software vendors – another option when looking to deploy Windows-based software and services. I don’t think that’s a bad thing.