I'm afraid I'm still having a problem understanding the question then. It's
obvious, that if it is the Admin group the user needs to be in, the use
ADSI. If it could be any user group, then use COM+, since it assures
scalability, reusability and ease of programming. I'm definitely a big fan
of the roles, since it makes your component more independent of the server
you put it on. Or as with ADSI, which domain you put it on...
As for the replication bit, I think it's a nice feature, but if your
compoonents security needs should change in the future, then your changes
don't have to affect the AD's security: Major benefit!
Maybe it's a question of how "religious" you are about the n-tier mindset...
> > Did I understand the question and did you get the answer? :-)
> not quite :)
> I did not ask "what are roles?" I did ask, which of them to use from
> consideration point of maintenance and "easy programming".
> For my idea; roles inside a Package are not replicated automatically to
> another COM+ server. AD does replicate but it seems to me more programming
> to test whether somebody is in an "Admin" role then with COM+
> For my idea the roles in Windows 2000 get less meaning then with NT 4.0
> lets start a discussion about that! So which to use when I anyway --
> ADSI (on active directory) and / or COM+ roles.