16.4. Using a Directory-Based Policy Store
From a programming and configuration standpoint, using a directory-based policy store is no different than using a file-based policy store, aside from the connection string. Instead of configuring the connection string with an msxml moniker, you use an msldap moniker with a valid LDAP path. Setting up an AzMan policy store basically involves choosing a location for the store in your directory. Instead of storing the policy store in a file, the policy store is located in a container somewhere in your directory structure. I created a policy store in the directory structure that you saw used earlier in Chapter 13 when you learned about working with ActiveDirectoryMembershipProvider. Figure 16-2 shows a policy store aptly named "Chapter16" that contains an application called UsingAzMan.
Figure 16-2. Figure 16-2
If you look at the containers underneath bhaidar.net, you will see that there is a container titled Chapter16 that is of type msDS-AzAdminManager. This container is the root of the AzMan policy store shown in Figure 16-2. Note that you will not see this container unless you enabled the advanced features view in the Active Directory MMC. Normally though, you work with the AzMan policy store via the AzMan MMC. Looking at the underlying container location is interesting in order to get an idea of how the abstract concept of a policy ...