Role Management: ADSI or COM+ roles?

Role Management: ADSI or COM+ roles?

Post by Egbert Niero » Fri, 03 Nov 2000 23:48:25



Hi,

I am starting a new project using windows 2000 with Active Directory. We
will for instance query for the user/groups membership to check the correct
user rights.

From what perspective to choose for or ADSI or COM+ roles?

For the developers?
For the system administrators?

Thanks!

Egbert Nierop

 
 
 

Role Management: ADSI or COM+ roles?

Post by Thomas Peterse » Sat, 04 Nov 2000 05:37:45


As far as I know, there's a huge difference between thoose things! You
design your COM+ roles for use with your components, whereas the Active
directory users are the "real" users.

Example:

A COM+ application which identifies three roles: An employee, an Boss and an
Admin.

In the domain Bob and Egbert are members of the ordinary users, whereas
Noo-Noo is member of Administrators. This is all well, but Bob is the boss
of Noo-Noo and Egbert, and therefore a member of the Boss role, as well as
the Employee role! Egbert is only member of the Employee role, and Noo-Noo
is member of the Employee and Admin groups. From within the components, you
can now test to see if the user is allowed the specific function, without
messing around in the Windows security catalog, and thus relieving both the
developer and the admin from the headache...

Did I understand the question and did you get the answer? :-)


Quote:> Hi,

> I am starting a new project using windows 2000 with Active Directory. We
> will for instance query for the user/groups membership to check the
correct
> user rights.

> From what perspective to choose for or ADSI or COM+ roles?

> For the developers?
> For the system administrators?

> Thanks!

> Egbert Nierop


 
 
 

Role Management: ADSI or COM+ roles?

Post by Eggi » Sat, 04 Nov 2000 15:57:21



Quote:> Did I understand the question and did you get the answer? :-)

not quite :)

I did not ask "what are roles?"  I did ask, which of them to use from
consideration point of maintenance and "easy programming".

For my idea; roles inside a Package are not replicated automatically to
another COM+ server. AD does replicate but it seems to me more programming
to test whether somebody is in an "Admin" role then with COM+

For my idea the roles in Windows 2000 get less meaning then with NT 4.0 but
lets start a discussion about that! So which to use when I anyway -- need --
ADSI (on active directory) and / or COM+ roles.

 
 
 

Role Management: ADSI or COM+ roles?

Post by Thomas Peterse » Sat, 04 Nov 2000 04:00:00


I'm afraid I'm still having a problem understanding the question then. It's
obvious, that if it is the Admin group the user needs to be in, the use
ADSI. If it could be any user group, then use COM+, since it assures
scalability, reusability and ease of programming. I'm definitely a big fan
of the roles, since it makes your component more independent of the server
you put it on. Or as with ADSI, which domain you put it on...

As for the replication bit, I think it's a nice feature, but if your
compoonents security needs should change in the future, then your changes
don't have to affect the AD's security: Major benefit!

Maybe it's a question of how "religious" you are about the n-tier mindset...
:-)




> > Did I understand the question and did you get the answer? :-)
> not quite :)

> I did not ask "what are roles?"  I did ask, which of them to use from
> consideration point of maintenance and "easy programming".

> For my idea; roles inside a Package are not replicated automatically to
> another COM+ server. AD does replicate but it seems to me more programming
> to test whether somebody is in an "Admin" role then with COM+

> For my idea the roles in Windows 2000 get less meaning then with NT 4.0
but
> lets start a discussion about that! So which to use when I anyway --
need --
> ADSI (on active directory) and / or COM+ roles.

 
 
 

Role Management: ADSI or COM+ roles?

Post by Egbert Niero » Sat, 04 Nov 2000 19:09:34


I found an interesting fact.
Inside a role can be placed a active directory group... This means that I
don't have to check membership myself...


 
 
 

1. servers role

hallo,
   i still do not understand well servers role in 2000+ domains. I have ask
several questions with answers which did not help me (i think they didnt
help me because I ask wrong question).

please, i need some links where to find information about server's role in
domain. its hard to explain what I need, but my knowledge ends witn NT4 PDC
and BDC and its behaviour when some of them crashes down.... But I really
dont know exactly how behaves for example ADC in domain when DC is down or
destroyed, if there is something like promoting ADC to DC (like NT4 did
promoting BC to PDC)... and so on. I have tryed to find some links myself,
but with no luck. I need to study this because planning to deploy more
server in our w2000 domain....

thanks for any help

Polp

2. Free Atari stuff

3. SBS 4.5 & Win2k client - user roles?

4. SUN X5214A 595 4082-01 /4.2GB

5. Role Admin for Exchange Server Routing Object

6. FP2000 screwing up the ASP pages

7. Creating Organisational role mailboxes

8. New Zoom Driver

9. Different roles of modems

10. 02-070 - Affects us SBSers [DC role and SMB signing]

11. FSMO Roles/Single Domain?

12. Browing Role in SBS2000, how do you setup Browser service?

13. upgrade and dump DC role