www.threatcode.com

You want me to start a new division?

We have to get people to care by shaming them into changing their ways.

Creamer, Mark wrote:

What’s frustrating to me, is that even some of the most significant players in many software categories (and hardware for that matter) are not allowing some of the Microsoft best practices listed in these documents to be used. (I’m not referring to in-house development this time)

Example: An app that requires one or more hard-coded domain controllers, because the app was not designed to know how to search for an available server (WebMethods). Or one that has to be patched to know how to do referral chasing because we have multiple domains and not all the needed attributes are in the GC (Cognos).

What do you guys do? Surely you can’t expect to always be able to take the high-ground and say to a business unit – “you can’t bring in this new state-of-the-art application because it isn’t querying the AD correctly.” Especially if it works (in their minds, albeit not efficiently in mine). I’d be laughed out of a job. AD is just one small part of the big package.

*/<mc>/*

------------------------------------------------------------------------

*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of* joe
*Sent:* Tuesday, January 24, 2006 11:16 PM
*To:* [email protected]
*Subject:* RE: [ActiveDir] Developer Best Practices doc

Yep, Joe and Ryan have a book they put together for .NET program for the Directory Services stuff. I believe it is completed from a writing standpoint, just doing all of the stuff it takes to get it ready to get it out the door. I am not a .NET person but I reviewed it for the directory related logic and processes (i.e. queries and the general thoughts of how you would attack things). Again not being a .NET person, it still seemed to be pretty good, it read fairly well.

Other than that, I would point at the writing efficient apps document from MS as well as the MSDN docs on using AD. Specific DOCs

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/efficientadapps.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/using_active_directory.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/creating_efficient_queries.asp

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/active_directory_service_interfaces_adsi.asp

ADAM docs are good to learn from as well

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adam/adam/active_directory_application_mode.asp

Gil wrote the book that I initially learned to write apps from called Active Directory Programming. It is broken up into ADSI and LDAP sections. It isn't the end all be all and there is an occasional issue but it obviously got me going in the right direction. I still refer back to it on occasion.

Other than that, make them read some of the better AD books out there to really understand the idea and capabilities and uses behind AD. Yes it is an LDAP directory but if you only go in thinking that you will probably not write the best apps you can write. Recommended books would be Sakari's book, get Second Edition and if I may be so bold and not sound bad doing so, O'Reilly Active Directory Third Edition.

Oh finally, send them into the various AD Programming Interface and ADSI newsgroups to see the kinds of questions other folks are asking about how to do this stuff.

joe

------------------------------------------------------------------------

*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of* Brian Desmond
*Sent:* Tuesday, January 24, 2006 4:33 PM
*To:* [email protected]
*Subject:* RE: [ActiveDir] Developer Best Practices doc

**I believe Joe Kaplan and Ryan Dunn have a book which is going to be published soon on the matter.**

**Thanks,**

**Brian Desmond**

[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>

**c - 312.731.3132**

------------------------------------------------------------------------

*From:* [EMAIL PROTECTED] on behalf of Al Mulnick
*Sent:* Tue 1/24/2006 3:50 PM
*To:* [email protected]
*Subject:* Re: [ActiveDir] Developer Best Practices doc

IIRC, There are several books that relate to this. Somebody on this list may have written one even :)

That said, I think the normal applies to the best practices:

Use efficient LDAP queries (see Microsoft web site; several blogs as well) when LDAP is used

Use .NET best practices for dealing with code

Try to stay away from legacy practices where possible (WINNT provider if using ADSI)

Limit queries to the exact information needed.

Be sure to remember that group membership gets truncated to a limited number of members if using intuitive methods to read them. Limitation of .NET.

I'm sure there are other pieces, but I've not had to write one more specific than that.

On 1/24/06, *Creamer, Mark* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:

Anybody seen/created a best practices document to 'teach' internal application development teams to interact with AD? I've just been asked to do one and could use some guidance on things to include.

*Mark Creamer*

*Systems Engineer*

Cintas Corporation | 6800 Cintas Boulevard | Mason, OH 45040

Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> | http://www.cintas.com <http://www.cintas.com/>


This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated.




--
Letting your vendors set your risk analysis these days? http://www.threatcode.com

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
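
The group-membership truncation raised in the thread, shown as an added example that is not from any poster on the list: a client that reads `member` once sees only the first chunk of a large group, while a range-retrieval loop (`member;range=lo-hi`) collects every value. The fake DC, the 1500-value cap and the DNs are constructed assumptions so the sketch runs offline.

```python
import re

MAX_VAL_RANGE = 1500  # assumed per-request value cap on the server
RANGED = re.compile(r"member;range=(\d+)-(\d+|\*)", re.IGNORECASE)

def make_fake_dc(members):
    """Constructed stand-in for a DC answering reads of one group's member attribute."""
    def read(attr):
        m = RANGED.fullmatch(attr)
        last = len(members) - 1
        if m is None and len(members) <= MAX_VAL_RANGE:
            return {"member": list(members)}      # small group: plain attribute
        lo = int(m.group(1)) if m else 0
        want = last if (m is None or m.group(2) == "*") else int(m.group(2))
        hi = min(want, lo + MAX_VAL_RANGE - 1, last)
        end = "*" if hi == last else str(hi)      # '*' marks the final chunk
        return {"member": [], f"member;range={lo}-{end}": members[lo:hi + 1]}
    return read

def single_read(read):
    """The 'intuitive' approach: one read, take whatever values came back."""
    resp = read("member")
    return [v for k, vals in resp.items() if k.lower().startswith("member") for v in vals]

def all_members(read):
    """Range retrieval: request from the next offset until the server answers lo-*."""
    out, lo = [], 0
    while True:
        resp = read(f"member;range={lo}-*")
        hits = [(RANGED.fullmatch(k), v) for k, v in resp.items()]
        hits = [(m, v) for m, v in hits if m]
        if not hits:                              # server sent the plain attribute
            return out + resp.get("member", [])
        m, values = hits[0]
        out.extend(values)
        if m.group(2) == "*":
            return out
        lo = int(m.group(2)) + 1

def demo():
    big = [f"CN=user{i:04d},OU=Staff,DC=example,DC=com" for i in range(3200)]  # constructed
    dc = make_fake_dc(big)
    return len(single_read(dc)), len(all_members(dc))

if __name__ == "__main__":
    print(demo())
```

Code that makes access or audit decisions from the single read silently misses every member past the first chunk, which is why the loop belongs in any shared helper handed to development teams.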
