Configuring Secure Connections Between the System and the Active Directory Application Mode

Normally, you can copy data from an existing Active Directory instance and import it into Active Directory Lightweight Directory Services (AD LDS), previously known as Active Directory Application Mode (ADAM). In AD LDS, you can set up different schemas with different configurations; for example, you can choose any attribute as the user ID (such as uid or samAccountName).

However, when you use AD LDS with ActivID CMS, ActivID CMS dictates these values (for example, the user ID or the binding attribute).

Important: You must define an AD LDS instance replicated from Active Directory as “Active Directory”, not as “ADAM”. You might see warnings related to Device Policy management, because the CA configuration information cannot be handled in ADAM directly; ActivID CMS still needs to access Active Directory to retrieve the CA configuration information.

The following list summarizes the procedure that you must perform.

  1. Install AD LDS and extend it with the basic schema from Active Directory. (AD LDS has its own schema that is not compatible with replication from Active Directory, nor with the Microsoft PKI issuance process.)

  2. Establish AD LDS synchronization with the Active Directory using the same naming context as Active Directory.

  3. Define a user in AD LDS with administrative rights on the directory's naming contexts.

  4. Install ActivID CMS and add the AD LDS directory to ActivID CMS as an Active Directory.

  5. Create ActivID CMS user groups based on the AD LDS directory.

  6. Add the standard Active Directory to ActivID CMS (for retrieving the CA information only).

  7. Define the policies as needed. The system displays errors that are related to device policy management because the configurationNamingContext attribute used by AD LDS is not compatible with the internal structure of Active Directory. However, you can define and update the policies as necessary.
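The following PowerShell script is an added verification example for steps 2, 3 and 7; it is not part of the ActivID CMS documentation or product. It reads the RootDSE of the source Active Directory and of the AD LDS instance, confirms that AD LDS hosts the same naming context as Active Directory (step 2), shows that the configurationNamingContext differs (the expected cause of the device-policy warnings in step 7), and performs a simple bind over LDAPS as the AD LDS administrative user (step 3). The host names, the LDAPS port 50001 and the user DN are assumed placeholders.

```powershell
# Added verification script; not part of the ActivID CMS documentation.
# Assumed values (replace for your environment):
#   $AdServer     - the source Active Directory domain controller
#   $AdLdsServer  - the AD LDS instance as host:LDAPS-port
#   $AdLdsAdminDn - DN of the AD LDS administrative user created in step 3
param(
    [string]$AdServer     = "dc01.example.com",
    [string]$AdLdsServer  = "adlds01.example.com:50001",
    [string]$AdLdsAdminDn = "CN=cms-admin,CN=Users,DC=example,DC=com"
)

function Get-RootDse {
    param([string]$Server)
    # RootDSE lists the naming contexts a directory hosts and can be read without credentials
    $root = [ADSI]"LDAP://$Server/RootDSE"
    [pscustomobject]@{
        Server                     = $Server
        DefaultNamingContext       = [string]$root.defaultNamingContext
        ConfigurationNamingContext = [string]$root.configurationNamingContext
        NamingContexts             = @($root.namingContexts | ForEach-Object { [string]$_ })
    }
}

function Test-NamingContextMatch {
    param($AdRoot, $AdLdsRoot)
    # Step 2 requires the AD LDS partition to use the same naming context as Active Directory
    $match = $AdLdsRoot.NamingContexts -contains $AdRoot.DefaultNamingContext
    if ($match) {
        Write-Host "OK: AD LDS hosts partition $($AdRoot.DefaultNamingContext)"
    } else {
        Write-Warning "AD LDS does not host $($AdRoot.DefaultNamingContext); found: $($AdLdsRoot.NamingContexts -join ', ')"
    }
    # The configuration naming context differs between AD and AD LDS; this is why
    # ActivID CMS must read the CA configuration from Active Directory (steps 6 and 7).
    if ($AdLdsRoot.ConfigurationNamingContext -ne $AdRoot.ConfigurationNamingContext) {
        Write-Host "Note: configurationNamingContext differs (AD LDS: $($AdLdsRoot.ConfigurationNamingContext)); expect device-policy warnings."
    }
    return $match
}

function Test-AdLdsAdminBind {
    param([string]$Server, [string]$UserDn, [pscredential]$Credential)
    # Simple bind as the AD LDS user; SecureSocketsLayer keeps the password off the wire in clear text
    $entry = New-Object System.DirectoryServices.DirectoryEntry(
        "LDAP://$Server/$UserDn",
        $UserDn,
        $Credential.GetNetworkCredential().Password,
        [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer)
    try {
        $null = $entry.distinguishedName   # reading a property forces the bind
        Write-Host "OK: bound to $Server as $UserDn"
        return $true
    } catch {
        Write-Warning "Bind failed for $UserDn on $Server : $($_.Exception.Message)"
        return $false
    } finally {
        $entry.Dispose()
    }
}

$adRoot    = Get-RootDse -Server $AdServer
$adLdsRoot = Get-RootDse -Server $AdLdsServer
$ctxOk     = Test-NamingContextMatch -AdRoot $adRoot -AdLdsRoot $adLdsRoot
$cred      = Get-Credential -Message "Password for $AdLdsAdminDn" -UserName $AdLdsAdminDn
$bindOk    = Test-AdLdsAdminBind -Server $AdLdsServer -UserDn $AdLdsAdminDn -Credential $cred
```

Run the script from a Windows host that can reach both directories; a failed bind over LDAPS usually means the AD LDS instance has no trusted server certificate on that port, which should be fixed before pointing ActivID CMS at it rather than by falling back to an unencrypted simple bind.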