Understanding the Active Directory Application Mode (ADAM) database


Article ID: 343171


Updated On:


VMware vCenter Server


This article describes the Active Directory Application Mode (ADAM) database and its usage by VMware products.


VMware vCenter Server 5.0.x
VMware vCenter Server 4.1.x
VMware vCenter Server 4.0.x
VMware vCenter Server 5.5.x
VMware vCenter Server 5.1.x


The ADAM database is used as a replicated storage facility for vCenter Servers running in Linked mode.
ADAM is used to store:
  • The list of vCenter instances participating in the group. For a standalone instance, this still exists, but there is only one entry in the list.
  • The definitions of authorization Roles. These are common in the group and are no longer stored in the vCenter SQL database.
  • The definitions of available licenses and license assignments for the Linked Mode group. This gives a single place to check and update license usage across all vCenter Servers in the group.

ADAM is required to run vCenter Server in Linked Mode. If you do not want to run vCenter Server in Linked Mode, close the ADAM ports, the RPC ports, port 389 and port 636 in the firewall. These ports are used only by the local VMware VirtualCenter Management Webservices and VMware VirtualCenter Server services.

Note: ADAM is also utilized by standalone vCenter Servers for storing licensing information.

For more information on ADAM, see the vSphere Datacenter Administration Guide.

Additional Information

In VMware vCenter Server 4.0 and above, roles are stored in ADAM/ADLDS even in standalone vCenter Server instances. Custom roles are no longer stored in the vpx_role/vpx_priv_role tables in the VC DB.
For example:
An upgrade of VC from 2.5 to 4.0 does not drop the vpx_priv_role or vpx_role tables, which causes confusion about where the roles are stored.
To see the roles in ADAM, connect to the Virtual Center host with the naming context dc=virtualcenter,dc=vmware,dc=int and select OU=UserRoles. There you can verify that the definitions of the roles, including their assigned permissions, exist in the ADAM record.
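
The lookup described above can also be scripted for a read-only audit of the role definitions. This is an added example, not VMware's own code. It assumes that it runs on the vCenter Server host under an account permitted to read the ADAM instance, that the instance answers on localhost:389, and that the role entries are direct children of OU=UserRoles; the output file name is hypothetical.

```powershell
# Read-only listing of the role entries under OU=UserRoles in the vCenter ADAM instance.
# Assumptions (not from the article): host/port below, current Windows credentials,
# roles stored as direct children of the OU, and the snapshot file name.
$server        = 'localhost:389'                       # assumed ADAM host:port
$namingContext = 'dc=virtualcenter,dc=vmware,dc=int'   # naming context given in the article

Add-Type -AssemblyName System.DirectoryServices
$root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$server/$namingContext")

# Find OU=UserRoles wherever it sits below the naming context.
$findOu = New-Object System.DirectoryServices.DirectorySearcher($root)
$findOu.Filter      = '(&(objectClass=organizationalUnit)(ou=UserRoles))'
$findOu.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
$ouResult = $findOu.FindOne()
if (-not $ouResult) { throw "OU=UserRoles not found under $namingContext on $server" }

# Enumerate the entries directly below the OU.
$ou = $ouResult.GetDirectoryEntry()
$listRoles = New-Object System.DirectoryServices.DirectorySearcher($ou)
$listRoles.Filter      = '(objectClass=*)'
$listRoles.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
$listRoles.PageSize    = 500

$skip    = @('adspath', 'distinguishedname', 'objectguid')
$results = $listRoles.FindAll()
$roles = foreach ($r in $results) {
    # Flatten every returned attribute to text so the record can be reviewed or diffed.
    $props = @{ DistinguishedName = [string]$r.Properties['distinguishedname'][0] }
    foreach ($name in $r.Properties.PropertyNames) {
        if ($skip -contains $name) { continue }
        $props[$name] = ($r.Properties[$name] | ForEach-Object { "$_" }) -join '; '
    }
    New-Object psobject -Property $props
}
$results.Dispose()

# Show the role records and keep a snapshot to compare against later runs.
$roles | Format-List
$roles | Export-Clixml -Path .\adam-userroles-snapshot.xml   # hypothetical file name
```

Comparing a later snapshot with an earlier one (for example with `Compare-Object` on the imported objects) shows whether a role definition or its assigned permissions changed between audits.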