How the IBM Security Windows API Relies on COM Interfaces

On Windows computers, the IBM Security API supports the Component Object Model (COM) interface. COM enables you to create objects that can interact with Active Directory or be used in other applications. These reusable objects can provide access to all of the IBM Security data stored in Active Directory, and they can be used in any program written in .NET or COM-enabled languages. You can, therefore, create or modify applications to use these objects in COM-aware languages such as VBScript and PowerShell or .NET-compliant languages such as C#. The object model used to access the data is the same in every case, but the specific syntax required depends on the programming language you choose.

The objects that make up the IBM Security Windows API rely on the underlying interfaces provided by Microsoft’s Active Directory Service Interfaces (ADSI). ADSI provides the base-level functions that permit applications to read and write data in Active Directory. The purpose of the IBM Security Windows API is to provide a higher level of abstraction for performing IBM Security-specific tasks than would be available if you were to call ADSI functions directly.

The following figure illustrates how the IBM Security Windows API provides a layer of abstraction between the raw ADSI functions and the Access Manager console and other applications.

The Active Directory schema defines how all of the objects and attributes in the database are stored. When you add IBM Security data to the Active Directory database, how that data is stored depends on the Active Directory schema you have installed. The IBM Security Windows API, however, provides a logical view of the data, eliminating the need to know the details of how data is stored in different schemas when performing common administrative tasks. The IBM Security Windows API also provides a simpler interface than the general-purpose ADSI for accessing the well-defined set of UNIX objects that must be operated on. In fact, when you perform administrative tasks with the Access Manager console MMC snap-in, the console uses the same IBM Security Windows API objects documented in this guide to manipulate the data.

Therefore, with the IBM Security Windows API and any commonly used Windows programming language, you can write scripts or programs that perform a wide range of tasks using IBM Security data, including programs that automatically create and manage IBM Security zones or update user, group, or computer properties.

You can use ADSI directly instead of using the IBM Security Windows API, if you prefer. For more detailed information about the objects and attributes used in Active Directory when different schemas are used, see Data Storage for IBM Security Zones.