How the Centrify Windows API relies on COM interfaces

On Windows computers, the Centrify API supports the Component Object Model (COM) interface. The Component Object Model (COM) interface enables you to create objects that can interact with Active Directory or be used in other applications. These are re-usable objects that can provide access to all of the Centrify data stored in Active Directory. The objects can be used in any program written in .NET or COM-enabled languages. You can, therefore, create or modify applications to use these objects in COM-aware languages such as VBScript and PowerShell or .NET‑compliant languages such as C#. The object model used to access the data is the same, but the specific syntax required depends on the programming language you choose to use.

The objects that make up the Centrify Windows API rely on the underlying interfaces provided by Microsoft’s Active Directory Service Interfaces (ADSI). ADSI provides the base-level functions that permit applications to read and write data in Active Directory. The purpose of the Centrify Windows API is to provide a higher level of abstraction for performing Centrify-specific tasks than would be available if you were to call ADSI functions directly.

The following figure illustrates how the Centrify Windows API provides a layer of abstraction between the raw ADSI functions and the Access Manager console and other applications.

The Active Directory schema defines how all of the objects and attributes in the database are stored. When you add Centrify data to the Active Directory database, how that data is stored depends on the Active Directory schema you have installed. The Centrify Windows API, however, provides a logical view of the data, eliminating the need to know the details of how data is stored in different schemas when performing common administrative tasks. The Centrify Windows API also provides a simpler interface for accessing the well-defined set of UNIX objects that must be operated on than that offered by the general purpose ADSI. In fact, when you perform administrative tasks with the Access Manager console MMC snap-in, the console uses the same Centrify Windows API objects documented in this guide to manipulate the data.

Therefore, with the Centrify Windows API and any commonly-used Windows programming language, you can write scripts or programs that perform a wide range of tasks using Centrify data, including programs that automatically create and manage Centrify zones or update user, group, or computer properties.

Note:   You can use ADSI directly instead of using the Centrify Windows API, if you prefer. For more detailed information about the objects and attributes used in Active Directory when different schemas are used, see Data storage for Centrify zones