Configuring Secure Connections Between the System and the Active Directory Application Mode

Normally, you can copy data from an existing Active Directory instance and import it into Active Directory Lightweight Directory Services (AD LDS), previously known as Active Directory Application Mode (ADAM). In AD LDS / ADAM, you can set up different schemas with different configurations; for example, you can choose any attribute as the userid (such as uid or samAccountName).

However, when you use AD LDS / ADAM with ActivID CMS, ActivID CMS imposes fixed values (for example, for the userid and the binding attribute).

Important: You must define an AD LDS / ADAM instance replicated from Active Directory as “Active Directory”, not as “ADAM”. You might see warnings related to Device Policy management, because the Certificate Authority (CA) configuration information cannot be handled in ADAM directly; ActivID CMS still needs to access Active Directory to retrieve the CA configuration information.

The following list summarizes the procedure that you must perform. For detailed information about ADAM, see:
https://technet.microsoft.com/en-us/library/cc738377(v=ws.10).aspx

  1. Install ADAM and extend it with the basic schema from Active Directory. (ADAM has its own schema that is not compatible with replication from Active Directory, nor with the Microsoft PKI issuance process.)

  2. Establish ADAM synchronization with the Active Directory using the same naming context as Active Directory.

  3. Define a user in ADAM with administrative rights on the different naming contexts of the directory.

  4. Install ActivID CMS and select Active Directory as the directory type.

  5. Add the ADAM directory to ActivID CMS as an Active Directory.

  6. Create ActivID CMS user groups based on the ADAM directory.

  7. Add the standard Active Directory to ActivID CMS (for retrieving the CA information only).

  8. Define the policies as needed. The system displays errors related to device policy management because the configurationNamingContext attribute used by ADAM is not compatible with the internal structure of Active Directory; you can nevertheless define and update the policies as necessary.
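As an added example (this script is not part of the ActivID CMS documentation), the following PowerShell script binds to both directories over LDAPS using the .NET System.DirectoryServices API and verifies two things the procedure above relies on: that the AD LDS / ADAM instance hosts the same naming context as Active Directory (step 2), and that the CA configuration needed for device policies is only visible through Active Directory's own configuration partition (the reason for steps 7 and 8). The server names, ports and naming context are placeholder assumptions that you must replace with your own values.

```powershell
# Added example; this script is not part of the ActivID CMS documentation.
# Server names, ports and the naming context below are placeholders.
param(
    [string]$AdServer      = 'dc01.example.com:636',      # placeholder: domain controller, LDAPS port
    [string]$AdLdsServer   = 'adlds01.example.com:50636', # placeholder: AD LDS / ADAM instance, LDAPS port
    [string]$NamingContext = 'DC=example,DC=com'          # placeholder: context replicated into AD LDS
)

Add-Type -AssemblyName System.DirectoryServices

function Get-SecureDirectoryEntry {
    param([string]$Path)
    # Bind over SSL/TLS so credentials and directory data never travel in clear text.
    $entry = New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $Path
    $entry.AuthenticationType = [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer
    return $entry
}

function Get-RootDseSummary {
    param([string]$Server)
    # RootDSE advertises which naming contexts a directory hosts and where its
    # configuration partition lives; both directories expose these attributes.
    $root = Get-SecureDirectoryEntry -Path "LDAP://$Server/RootDSE"
    [pscustomobject]@{
        Server                     = $Server
        NamingContexts             = @($root.Properties['namingContexts'] | ForEach-Object { [string]$_ })
        ConfigurationNamingContext = [string]$root.Properties['configurationNamingContext'].Value
    }
}

$ad    = Get-RootDseSummary -Server $AdServer
$adlds = Get-RootDseSummary -Server $AdLdsServer

# Step 2 check: the AD LDS instance must host the same naming context as Active Directory,
# otherwise ActivID CMS user groups built on AD LDS will not line up with the AD users.
if (($ad.NamingContexts -contains $NamingContext) -and ($adlds.NamingContexts -contains $NamingContext)) {
    Write-Output "OK: both directories host $NamingContext"
} else {
    Write-Warning ("Naming context mismatch. AD hosts: {0}; AD LDS hosts: {1}" -f
        ($ad.NamingContexts -join ', '), ($adlds.NamingContexts -join ', '))
}

# Steps 7 and 8 background: each directory has its own configuration partition. The CA
# configuration ActivID CMS needs lives under CN=Public Key Services,CN=Services in the
# Active Directory configuration partition, which is not replicated into AD LDS.
Write-Output "Active Directory configurationNamingContext: $($ad.ConfigurationNamingContext)"
Write-Output "AD LDS / ADAM    configurationNamingContext: $($adlds.ConfigurationNamingContext)"

$pksPath = "LDAP://$AdServer/CN=Enrollment Services,CN=Public Key Services,CN=Services,$($ad.ConfigurationNamingContext)"
try {
    $pks = Get-SecureDirectoryEntry -Path $pksPath
    # Each child is a pKIEnrollmentService object whose cn is the CA name.
    $cas = @($pks.Children | ForEach-Object { [string]$_.Properties['cn'].Value })
    Write-Output ("Enrollment services (CAs) visible through Active Directory: " + ($cas -join ', '))
} catch {
    Write-Warning "Could not read CA enrollment services from Active Directory: $($_.Exception.Message)"
}
```

Run the script from an account that can read both directories over LDAPS. If the naming-context check warns, revisit step 2 before adding the AD LDS instance to ActivID CMS; the CA listing confirms that the directory added in step 7 actually exposes the enrollment services the policies depend on.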