
Active Directory

AD DS vs AD LDS

Before Windows Server 2008, AD LDS was called ADAM (Active Directory Application Mode) and shipped as a separately downloaded component rather than as a server role.

Like AD DS, an AD LDS instance is an LDAP (Lightweight Directory Access Protocol) directory that stores its data in a hierarchical tree, and like AD DS it supports sites and replication between instances. Unlike AD DS, an AD LDS instance is not a domain: it does not provide Kerberos domain logon or Group Policy, and several independent instances can run on one host.

MSAD User Account Mapper

This mapper is specific to Microsoft Active Directory (MSAD). It tightly integrates the MSAD user account state into the Keycloak account state (account enabled, password expired, and so on). It uses the userAccountControl and pwdLastSet LDAP attributes, both of which are MSAD-specific and not part of the standard LDAP schema.

For example, if pwdLastSet is 0 (in AD this means the user must change their password at next logon), the Keycloak user is required to update their password: an UPDATE_PASSWORD required action is added to the user. If userAccountControl has the ACCOUNTDISABLE bit (0x0002) set, as in the value 514 (NORMAL_ACCOUNT 512 plus ACCOUNTDISABLE 2), the Keycloak user is disabled as well.
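The following is an added example, not Keycloak's own mapper code: it decodes the two MSAD attributes the mapper reads from a constructed LDIF dump (the shape ldapsearch prints) and derives the Keycloak state the text describes. The userAccountControl bit values and the FILETIME epoch are Microsoft-documented; the sample users, their DNs and the pwdLastSet values are constructed. It goes slightly beyond the text by also decoding DONT_EXPIRE_PASSWORD and PASSWD_NOTREQD, two flags worth inspecting on any account that an identity provider will trust.

```python
# Added example (not Keycloak's own code): decode the MSAD attributes
# userAccountControl and pwdLastSet and derive the Keycloak account state
# described above. Sample LDIF below is constructed, not from a real directory.
from datetime import datetime, timedelta, timezone

# userAccountControl bit flags as documented by Microsoft (subset that is
# actually stored in the attribute; LOCKOUT and PASSWORD_EXPIRED are only
# reported in the computed attribute msDS-User-Account-Control-Computed).
UAC_FLAGS = {
    "ACCOUNTDISABLE": 0x0002,
    "PASSWD_NOTREQD": 0x0020,
    "NORMAL_ACCOUNT": 0x0200,
    "DONT_EXPIRE_PASSWORD": 0x10000,
}

# pwdLastSet is a Windows FILETIME: 100 ns ticks since 1601-01-01 00:00 UTC
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample data. 133485408000000000 ticks is 2024-01-01T00:00:00Z;
# 66050 = NORMAL_ACCOUNT (512) + ACCOUNTDISABLE (2) + DONT_EXPIRE_PASSWORD (65536).
SAMPLE_LDIF = """\
dn: CN=alice,OU=Staff,DC=example,DC=test
sAMAccountName: alice
userAccountControl: 512
pwdLastSet: 133485408000000000

dn: CN=bob,OU=Staff,DC=example,DC=test
sAMAccountName: bob
userAccountControl: 514
pwdLastSet: 0

dn: CN=svc-backup,OU=Service,DC=example,DC=test
sAMAccountName: svc-backup
userAccountControl: 66050
pwdLastSet: 133485408000000000
"""


def parse_ldif(text):
    """Split a minimal LDIF dump into one dict per entry (single-valued attributes only)."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        name, _, value = line.partition(":")
        current[name.strip()] = value.strip()
    if current:
        entries.append(current)
    return entries


def decode_uac(value):
    """Return the set of known flag names set in a userAccountControl integer."""
    return {name for name, bit in UAC_FLAGS.items() if value & bit}


def filetime_to_datetime(ticks):
    """Convert a FILETIME tick count (100 ns units) to an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def keycloak_account_state(entry):
    """Apply the mapper's rules from the text: the ACCOUNTDISABLE bit disables the
    user, and pwdLastSet == 0 adds the UPDATE_PASSWORD required action."""
    uac = int(entry.get("userAccountControl", "0"))
    pwd_last_set = int(entry.get("pwdLastSet", "0"))
    flags = decode_uac(uac)
    return {
        "username": entry.get("sAMAccountName"),
        "enabled": "ACCOUNTDISABLE" not in flags,
        "requiredActions": ["UPDATE_PASSWORD"] if pwd_last_set == 0 else [],
        "uacFlags": sorted(flags),
        # None when the password was never set or a change is forced (pwdLastSet 0)
        "passwordLastSet": None if pwd_last_set == 0 else filetime_to_datetime(pwd_last_set),
    }


def states_by_username(ldif_text=SAMPLE_LDIF):
    """Decode every entry in an LDIF dump, keyed by sAMAccountName."""
    return {s["username"]: s for s in map(keycloak_account_state, parse_ldif(ldif_text))}


if __name__ == "__main__":
    for username, state in states_by_username().items():
        print(username, state)
```

Note that the mapper's decision rests on the ACCOUNTDISABLE bit, not on the literal value 514: the svc-backup entry above carries 66050 and is still disabled, while a value such as 66048 (never-expiring password, enabled) is not.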