Do we need CALs for our clients if we store their user accounts for third party apps in Active Directory? [duplicate]

licensing active-directory windows-server-2003

Possible Duplicate:
Can you help me with my software licensing question?

We are looking at consolidating several credential stores into Active Directory. The credentials are mainly for our clients though (like FTP and a few web based application services). If we use Active Directory on Windows Small Business Server 2003 for the credentials, do we need a CAL from Microsoft for these users?

Thanks!


A CAL for SBS is needed for each actual user OR device that will connect. Up to 75 by default. However, you can store as many as you'd like in AD as long as your CALs allow for the number of connections necessary.

Scenario:

-You have 25 CALs

You can put 100 user accounts in AD, but only 25 connections to AD/SBS will be allowed by your CAL licensing at a given time.

More info:

http://www.microsoftvolumelicensing.com/userights/ProductPage.aspx?pid=124

Assigning a License. To assign a license means simply to designate that license to one device or user.

That says "physical device or physical user" not user accounts in AD. That means I can have TheCleaner1, TheCleaner2, TheCleaner3, TheCleanerN as accounts in AD but I can log in as any of them if I wanted to...however I can only log in to one of those accounts at any given time if I'm using a "user CAL". If I'm using a "device CAL" then I can physically go to X number of devices and log into AD with any of those accounts (where X is based on the # of device CALs I own).

See here: http://blogs.msdn.com/mssmallbiz/archive/2006/04/19/579256.aspx

It's definitely not something that seems to be spelled out in pure black and white though.

For me, device CALs have always been the simpler approach. I also believe that Microsoft wants you to understand the "intent" of the licensing and not get wrapped up too much in it...I talked with my own MVLS contact and their own answer was "just buy a device CAL for each computer and call it a day".


Which kind of system will be querying AD for user informations?

If those user accounts are used to access Windows servers in the domain, you need CALs for them.

If you are only using AD as a user database (f.e. because you have some application which queries LDAP directory services), no CAL is needed.

You need CALs to access Windows servers, not to store directory objects.


I would guess that you need a CAL for every device or user that authenticates to Active Directory, but don't take my word for it. The Right AnswerTM is to contact Microsoft and get clarification.

I'm seeing answers here that seem to imply that Microsoft offers "concurrent licensing" (i.e. X devices at a time, X users at a time can "connect" and use licenses out of a "pool") which, AFAIK, Microsoft hasn't offered for any product in 10+ years.

See here re: "concurrency" of CALs, as well as a lot of other good questions: http://www.microsoft.com/WindowsServer2003/sbs/evaluation/faq/licensing.mspx The question about the printer needing a CAL in that link is fairly telling, IMHO, of what I'd expect Microsoft's philosophy to be.

Some more background re: Microsoft CALs in general, with some good links: http://blogs.msdn.com/mssmallbiz/archive/2007/11/06/5942350.aspx

I would expect that the most costly "solution" is the "right" one.

Related

How to do this Nginx location configuration
Replacing a HP P410 RAID Card
What's wrong with this server? After I ssh into the unit and enter the password, the connection closes
Can I configure exim to deliver new mail to Maildir cur/ instead of new/?
phpmyadmin forbidden through ssh tunnel
other than manually changing it, how is MTU set?
Eliminate certificate warning when users access Outlook/Exchange 2010 on split domain setup
Sendmail: Mails are still being relayed to root@localhost
Identifying HTTP requests
Mount /usr on different partition
Data Backup redundancy/backups
Schedule Windows Updates exclusively on a specific work day (and time)?