Re: [ActiveDir] Identity Management using AD

[jim . katoe]

There is a MS moderated MMS mailing list on yahoo. It has no authentication service or directory of its own, so you will need to plan around that or perhaps use one of the planned ISV solutions. -------------------------- Sent from my BlackBerry Wireless Handheld   ----- Original Message -----   From: ActiveDir-owner   Sent: 07/03/2003 10:00 AM   To: <[EMAIL PROTECTED]>   Subject: [ActiveDir] Identity Management using AD All,   We are in the process of redefining our Internet-enabled applications with a view to a centralised customer/client database.  There has been quite a bit of discussion regarding using AD as this "customer store", since AD will already be in this environment.   I'm a bit hesitant to recommend "vanilla" AD for this task, however I can see a number of benefits to this approach, as the support monkeys can manage the entire environment using the same tools they use to manage the production environment (ADUC etc).   I've been reading up on the information regarding MIIS (what little there is), and can see some potential for a configuration such as this, eg:   - Use AD to store the "core" customer information (user name, password, basic details) - Use ADAM or SQL (or whatever) for each application to store application specific extensions (so I don't end up with a blown out schema in AD with thousands of additional props for user objects) - Use MIIS as the Authentication / Identity management front end, and use it to sync these disparate databases to ensure some semblance of "sameness" between them. - Also use some of the MIIS features such as provisioning etc to ease the management overhead.   Applications could use AD to authenticate the customer coming in, and then use their ADAM database to house the application specific information they need.   We could possibly then use MIIS to "backchannel" into the production AD system, so that corporate users can gain access to these Internet applications without requiring multiple accounts.   This is all just brainstorming at the moment, however (as usual), I need to come up with some sort of design by next week (gotta love being given lots of time *grin*).  Having not actually got my hands on MIIS, this could be completely unfeasible.  Other options are a custom database for the "customer store", or some other existing product.   Has anyone been down this road before, and could share some insights / resources ?   Thanks   Glenn