ADSI Evaluation Criteria
Topic Last Modified: 2008-09-03
This topic provides information about using Active Directory Services Interfaces (ADSI) to develop messaging applications.
Active Directory Services Interfaces is a set of open interfaces that abstract the capabilities of directory services from different network providers to present a single view for accessing and managing network resources. Administrators and developers can use ADSI services to enumerate and manage resources in a directory service, regardless of which network environment contains the resource. This can be an LDAP-based, NDS-based, or NTDS-based directory. It does not matter so long as a service provider is available for that directory service.
Caveats
Functional Criteria
| Criteria | Active Directory Services Interfaces (ADSI) |
|---|---|
Application Domain |
When using ADSI to access Active Directory, many different application types are common. Active Directory stores information about resources and resource users in one or more organizations. |
Major Objects |
ADSI objects abstract computers, users, user groups, printers, sessions, services, other network resources, as well as Active Directory schema. |
Data access model |
This information is not yet available here. |
Threading Models |
This information is not yet available here. |
Application Architectures |
This information is not yet available here. |
Remote Usage |
Yes. |
Transactions |
Yes. |
Management Capabilities |
ADSI and Active Directory are instrumented and managed through standard Windows technologies. |
Availability |
This information is not yet available here. |
Development Criteria
| Criteria | Active Directory Services Interfaces (ADSI) |
|---|---|
Languages and Tools |
ADSI can be used with any COM/Automation-compatible languages, as well as with non-COM languages such as C/C++. |
Managed Implementation |
Yes. (System Directory Services). |
Scriptable |
Yes. |
Test/Debug Tools |
All standard test and debugging tools, as well as other Microsoft and third-party test and debugging tools. |
Expert Availability |
ADSI is a reasonably well-known technology, with abundant Microsoft and Third-Party information available. |
Available Information |
Numerous third-party Web sites and books exist, and Microsoft provides ADSI and Active Directory information on the MSDN Web site. |
Developer/Deployment Licensing |
No special licensing is required for development by using ADSI. The libraries and COM objects are installed with Windows. |
Security Criteria
| Criteria | Active Directory Services Interfaces (ADSI) |
|---|---|
Design-Time Permissions |
The account under which the application under development runs must have proper permissions to access the intended information. This varies greatly based on the type of operations the application is performing. Granting Schema Administrator rights to developers or service account should be avoided. |
Setup Permissions |
No special permissions are needed to install applications that use ADSI, beyond those needed when installing applications of similar architecture. If the setup application must make schema changes to Active Directory, then the user running Setup must be a schema administrator in the domain. If the Setup application must change data inside Active Directory, the user running Setup must have appropriate permissions to make those changes. |
Run-Time Permissions |
Applications that use ADSI should be deployed only on those systems and for users who have sufficient permissions to access the information needed by the application. |
Built-in Security Features |
ADSI and Active Directory fully support the entire Windows authentication and authorization features, including item-level permissions within Active Directory. |
Security Monitoring Features |
This information is not yet available here. |
Deployment Criteria
| Criteria | Active Directory Services Interfaces (ADSI) |
|---|---|
Server Platform Requirements |
No special requirements. |
Client Platform Requirements |
No special requirements to access Active Directory information within the user's domain. Cross-domain, or cross-forest, access may be limited by Active Directory security policies. |
Deployment Methods |
No special deployment methods are required. |
Deployment Notes |
None. |