ADSI Evaluation Criteria

Topic Last Modified: 2008-09-03

This topic provides information about using Active Directory Services Interfaces (ADSI) to develop messaging applications.

Active Directory Services Interfaces is a set of open interfaces that abstract the capabilities of directory services from different network providers to present a single view for accessing and managing network resources. Administrators and developers can use ADSI services to enumerate and manage resources in a directory service, regardless of which network environment contains the resource. This can be an LDAP-based, NDS-based, or NTDS-based directory. It does not matter so long as a service provider is available for that directory service.

Caveats

Functional Criteria

Criteria Active Directory Services Interfaces (ADSI)

Application Domain

When using ADSI to access Active Directory, many different application types are common. Active Directory stores information about resources and resource users in one or more organizations.

Major Objects

ADSI objects abstract computers, users, user groups, printers, sessions, services, other network resources, as well as Active Directory schema.

Data access model

This information is not yet available here.

Threading Models

This information is not yet available here.

Application Architectures

This information is not yet available here.

Remote Usage

Yes.

Transactions

Yes.

Management Capabilities

ADSI and Active Directory are instrumented and managed through standard Windows technologies.

Availability

This information is not yet available here.

Development Criteria

Criteria Active Directory Services Interfaces (ADSI)

Languages and Tools

ADSI can be used with any COM/Automation-compatible languages, as well as with non-COM languages such as C/C++.

Managed Implementation

Yes. (System Directory Services).

Scriptable

Yes.

Test/Debug Tools

All standard test and debugging tools, as well as other Microsoft and third-party test and debugging tools.

Expert Availability

ADSI is a reasonably well-known technology, with abundant Microsoft and Third-Party information available.

Available Information

Numerous third-party Web sites and books exist, and Microsoft provides ADSI and Active Directory information on the MSDN Web site.

Developer/Deployment Licensing

No special licensing is required for development by using ADSI. The libraries and COM objects are installed with Windows.

Security Criteria

Criteria Active Directory Services Interfaces (ADSI)

Design-Time Permissions

The account under which the application under development runs must have proper permissions to access the intended information. This varies greatly based on the type of operations the application is performing. Granting Schema Administrator rights to developers or service account should be avoided.

Setup Permissions

No special permissions are needed to install applications that use ADSI, beyond those needed when installing applications of similar architecture. If the setup application must make schema changes to Active Directory, then the user running Setup must be a schema administrator in the domain. If the Setup application must change data inside Active Directory, the user running Setup must have appropriate permissions to make those changes.

Run-Time Permissions

Applications that use ADSI should be deployed only on those systems and for users who have sufficient permissions to access the information needed by the application.

Built-in Security Features

ADSI and Active Directory fully support the entire Windows authentication and authorization features, including item-level permissions within Active Directory.

Security Monitoring Features

This information is not yet available here.

Deployment Criteria

Criteria Active Directory Services Interfaces (ADSI)

Server Platform Requirements

No special requirements.

Client Platform Requirements

No special requirements to access Active Directory information within the user's domain. Cross-domain, or cross-forest, access may be limited by Active Directory security policies.

Deployment Methods

No special deployment methods are required.

Deployment Notes

None.