Active Directory integration strategies

Post by SmVyZW1 » Thu, 12 Apr 2007 11:26:02

I recently took over an application which receives messages from HR systems
and creates the users in AD. There is also a web front end for creating and
maintaining users in AD.
My applications send the messages to an MSMQ. A Windows service monitors the
MSMQ and creates or updates the directory entries in AD.
This was built about 5 years ago. I am considering moving away from MSMQ
and updating AD real time.

Are there any known issues with working directly with AD instead of queueing
up events to AD?

Post by Joe Kapla » Thu, 12 Apr 2007 12:44:57

From the AD perspective, this isn't important. However, the message queue
may still be needed to achieve certain scalability goals of the apps or
serve other purposes. However, if you are pretty sure you don't need the
queue, you can definitely write directly to AD. The nice thing about the
queue is that you have more explicit control over how many threads and
connections you might open to AD. Especially if you have multiple sources
dumping into the queue and you really don't know how many might be talking
to AD at once, you might be able to achieve more reliability this way.
However, you'd probably have to have pretty high usage for that to become an

Ultimately, this is more of an architectural thing that you have to decide
based on the other factors involved.

Joe K.

Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"