
Install and Configure a Light Weight LDAP Directory for SharePoint


Last Updated: 2011-07-21   |   Related Tips: SharePoint

Problem

Active Directory (AD) is the obvious choice for a user information store in Microsoft server environments. But if the requirement is an isolated, lightweight user store for a single application, a full Active Directory domain is overkill, and putting application-specific accounts into the corporate directory may not be appropriate at all.

Solution

The Microsoft options are Active Directory Application Mode (ADAM) or a SQL Server database. On Windows Server 2003 the directory option is ADAM; on Windows Server 2008 the same product ships as a server role named Active Directory Lightweight Directory Services (AD LDS). ADAM is a lightweight LDAP directory that offers standard LDAP operations with a subset of the Active Directory schema and no dependency on a domain, which makes it a good fit for the isolated user store described above.

This article walks through installing and configuring ADAM on a Windows Server 2003 server.

1. Installing ADAM

ADAM can be installed on Windows XP Professional or on Windows Server 2003.

a. To install ADAM, log on as a local administrator, click Start -> Control Panel -> Add or Remove Programs -> Add/Remove Windows Components.

b. Select the check box next to Active Directory Services, and then click Details.

c. Select the check box next to Active Directory Application Mode (ADAM), click OK, click Next, and then click Finish when the message "You have successfully completed the Windows Component Wizard" appears.

The Windows Components entry is present on Windows Server 2003 R2. On the original Windows Server 2003 release, ADAM is installed instead from the stand-alone ADAM installer package that Microsoft provides as a separate download.

Now we have enabled ADAM on our server. The next step is to create and configure the ADAM instance.

2. Create an ADAM Instance

a. We create an ADAM instance using Active Directory Application Mode Setup Wizard. To start the wizard click Start, point to All Programs, point to ADAM, and then click Create an ADAM instance. It looks similar to the below image:

Active Directory Application Mode Setup Wizard

b. Click Next on the Welcome page to reach the Setup Options page. Select "A unique instance" because we are creating a new, stand-alone directory rather than a replica of an instance that already exists elsewhere. Click Next.

Setup options page

c. In the next screen provide a name for the instance and click Next. The Ports screen proposes the LDAP and SSL ports the instance will listen on: 389 and 636 if they are free, otherwise 50000 and 50001 (for example when the server is also a domain controller or runs another LDAP service). Note the values you choose, because the same port is needed later to connect to the instance. The SSL port does nothing useful until a server certificate has been installed for the instance; until then every bind over the LDAP port travels in clear text on the network, so keep the instance on a trusted network segment or on the same host as the application. Click Next to move on to the Application Directory Partition screen.

Set Ports

d. Select the option "Yes, create an application directory partition" and enter a distinguished name for the partition (for example CN=SharePointUsers,DC=contoso,DC=local), then click Next. In the next screen provide the location for the ADAM data and log files. The program files and administration tools are installed in the ADAM folder under the Windows installation directory regardless of this setting.

Application Directory Partition

e. In the next screen select the service account the ADAM instance will run as. The default is the Network Service account, which has no rights beyond what the instance needs and is the right choice unless the instance must replicate with instances on other machines. In the next page we select the user or group that will be the default administrator of this ADAM instance. Let's keep the option "Currently logged on user" and proceed to the next screen, Import LDIF Files.

f. The LDIF files extend the instance's schema so that it can hold user objects. Select and add MS-InetOrgPerson.LDF (the inetOrgPerson class), MS-User.LDF (the user class) and MS-UserProxy.LDF (the userProxy class, used for redirecting binds to Active Directory accounts; not required for a purely isolated store but harmless to import). Click Next and then Finish to complete the setup process.

Import LDIF Files

NOTE: If any error messages appear, check "adamsetup.log" and "adamsetup_loader.log" in the "Windows\Debug" folder.
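The wizard steps in section 2 can also be driven unattended, which is useful when the same instance has to be rebuilt on several servers or from a build script. The following answer file is an added example, not part of the original tip; the instance name, partition DN, paths and administrator group are placeholders that you would replace with your own values. The keys follow the ADAM/AD LDS answer-file format and correspond one-to-one with the wizard pages above:

```ini
[ADAMInstall]
InstallType=Unique
InstanceName=SharePointUsers
LocalLDAPPortToListenOn=50000
LocalSSLPortToListenOn=50001
NewApplicationPartitionToCreate="CN=SharePointUsers,DC=contoso,DC=local"
DataFilesPath=C:\Program Files\Microsoft ADAM\SharePointUsers\data
LogFilesPath=C:\Program Files\Microsoft ADAM\SharePointUsers\data
ServiceAccount=NT AUTHORITY\NETWORK SERVICE
Administrator=CONTOSO\ADAM-Admins
ImportLDIFFiles="MS-InetOrgPerson.LDF" "MS-User.LDF" "MS-UserProxy.LDF"
```

Run it with %windir%\ADAM\adaminstall.exe /answer:C:\adam-answer.txt from an administrative command prompt. Two points worth checking: Administrator is deliberately a group rather than the account running the installer, so administration of the instance does not depend on one person's login; and if you switch ServiceAccount to a domain account, its password goes into the file as ServicePassword, so restrict the file's ACL and delete it once setup has succeeded.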

3. Configure ADAM Instance for setting up User store

Each ADAM instance runs as an ordinary Windows service (named after the instance) rather than inside the LSA process the way Active Directory does, so it can be started, stopped and restarted through the Services MMC without affecting the rest of the server. Here are the steps to create and configure users and containers:

a. The main administration tool for ADAM is 'ADAM ADSI Edit'. To access it Click Start -> All Programs -> ADAM, and then click ADAM ADSI Edit. In the console tree, click ADAM ADSI Edit to open the snap-in.


b. Next we open a connection to the ADAM instance we created earlier. Right click ADAM ADSI Edit -> click 'Connect to' to open the Connection Settings screen. Key in a connection name. Server name is the host name of the computer running the ADAM instance. For the port number and for the distinguished name (DN) or naming context, provide the values we entered while creating the ADAM instance. Leave the credentials at the default (the account you are currently logged on with, which is the instance administrator chosen during setup) and click OK. This creates a connection to our instance as shown below.

Connection Expanded

c. We can connect to multiple instances from this tool if required. Expand the connection we created and it displays the default structure of the partition. To hold users in ADAM, first create a container for them: right click the partition name, click New, then select Object...

Create New Object

d. Select 'container' as class and name the object (for example: Users).

Select Container

e. Here is the result

User Container

f. To create a test user, create another new object, this time of class 'user', inside the Users container we just created. I have named the user Manoj.

New User
New User object

Click the 'More Attributes' button to fill in further attributes, or click Finish to create the user.

Here is the resulting structure after creating 3 users:

Users created

By default, an ADAM instance running on Windows Server 2003 enforces the password and account lockout policy of the machine it runs on.

(Note: if the server on which ADAM is running belongs to a workgroup, the server's local password policy and account lockout settings apply; if the server belongs to a domain, the password policy and account lockout settings from Active Directory apply. If we create a new ADAM user and assign it a password that does not meet the policy in effect, the user is left disabled, so check the effective policy before creating users in bulk.)

We manage user settings through attributes. For example, we can enable or disable a user by setting the msDS-UserAccountDisabled attribute to FALSE or TRUE respectively; a freshly created user has it set to TRUE until a password has been assigned. The password itself is set with Reset Password on the user's context menu in ADAM ADSI Edit. ADAM refuses password set and change operations over an unencrypted LDAP connection unless that protection has been deliberately switched off with dsmgmt, so from remote tools use the SSL port for password operations.
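Clicking through ADAM ADSI Edit is fine for a handful of test accounts, but the same container and user objects from steps 3.c to 3.f can be created in bulk by generating an LDIF file and importing it with ldifde.exe. The script below is an added example written for this page, not code from the original tip: the partition DN, host name and the three sample users are constructed placeholders. It handles the two details that break naive LDIF generators, escaping of RDN special characters (RFC 4514) and base64 encoding of values that are not LDIF safe strings (RFC 2849), and it creates users disabled, mirroring what ADAM does for new accounts until a policy-compliant password is set.

```python
"""
Build an LDIF file that creates the Users container and a batch of user
objects in an ADAM application partition, ready for import with ldifde.exe.

Added example, not code from the original tip. The partition DN and the
sample users below are constructed placeholders.
"""
import base64

PARTITION_DN = "CN=SharePointUsers,DC=contoso,DC=local"   # assumed partition DN
USERS_CONTAINER = "CN=Users," + PARTITION_DN

# Characters that must be backslash-escaped inside an RDN value (RFC 4514);
# a leading '#' and leading/trailing spaces are escaped as well.
_DN_SPECIAL = ',+"\\<>;='


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value so it can be used in an RDN such as CN=..."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def ldif_attr(name: str, value: str) -> str:
    """Format one LDIF attribute line (RFC 2849).

    Values that are not SAFE-STRINGs (non-ASCII, control characters, or a
    leading space, colon or '<') are base64-encoded and written with '::'.
    """
    safe = value.isascii() and value.isprintable() and not value.startswith((" ", ":", "<"))
    if safe:
        return f"{name}: {value}"
    encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
    return f"{name}:: {encoded}"


def container_entry() -> str:
    """LDIF for the Users container (steps 3.c and 3.d)."""
    return "\n".join([
        ldif_attr("dn", USERS_CONTAINER),
        "changetype: add",
        "objectClass: container",
        "cn: Users",
    ]) + "\n"


def user_entry(cn: str, sn: str, given_name: str, upn: str, disabled: bool = True) -> str:
    """LDIF for one ADAM user (objectClass user, from MS-User.LDF).

    New ADAM users are disabled until a policy-compliant password is set,
    so the default here mirrors that; flip it only for accounts whose
    password will be set in the same import over the SSL port.
    """
    dn = f"CN={escape_rdn_value(cn)},{USERS_CONTAINER}"
    return "\n".join([
        ldif_attr("dn", dn),
        "changetype: add",
        "objectClass: user",
        ldif_attr("cn", cn),
        ldif_attr("sn", sn),
        ldif_attr("givenName", given_name),
        ldif_attr("userPrincipalName", upn),
        f"msDS-UserAccountDisabled: {'TRUE' if disabled else 'FALSE'}",
    ]) + "\n"


def unicode_pwd_line(password: str) -> str:
    """unicodePwd attribute line: the password wrapped in double quotes,
    UTF-16LE encoded, then base64. ADAM accepts password writes only over an
    SSL-protected connection, so a file containing this line must go in
    through the SSL port and be deleted after the import."""
    raw = f'"{password}"'.encode("utf-16-le")
    return "unicodePwd:: " + base64.b64encode(raw).decode("ascii")


def build_ldif(users) -> str:
    """Concatenate the container and user entries into one LDIF document."""
    entries = [container_entry()] + [user_entry(*u) for u in users]
    return "\n".join(entries)


# Constructed sample users for the demonstration (not real accounts).
SAMPLE_USERS = [
    ("Manoj", "Kumar", "Manoj", "manoj@contoso.local"),
    ("Smith, John", "Smith", "John", "john.smith@contoso.local"),   # comma in the RDN
    ("Zoë Müller", "Müller", "Zoë", "zoe.mueller@contoso.local"),  # non-ASCII values
]

if __name__ == "__main__":
    print(build_ldif(SAMPLE_USERS))
```

Redirect the output to users.ldf and import it with ldifde -i -f users.ldf -s localhost -t 50000 (substitute the LDAP port you chose in step 2.c); the -k switch lets the import continue past entries that already exist. The second sample user shows why escaping matters: without it, the comma in "Smith, John" would split the DN into two RDNs and the import would fail or land the object in the wrong place.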

Now we have a user store in which we can create and manage users and groups. This ADAM instance can serve applications such as SharePoint as the backing directory for Forms Based Authentication (FBA), by pointing an LDAP membership provider at the instance's host, port and Users container.
