What Is AD LDS?
An LDAP-based Directory
Service
Used for
applications
AD LDS is more flexible than AD DS because:
Multiple instances of AD LDS can be run on a
single computer
DNS infrastructure is not required
AD LDS can be modified to meet specific
application requirements
AD LDS
LDAP
AD LDS Administration Tools
LDP
Creates application partition
instances
Modifies data
Views data
Dsacls
Views or sets permissions
ADSIEdit
Modifies data
Views data
Ldifde or Csvde
Imports and exports data
AdamSync
Synchronizes an instance of AD DS
to AD LDS
ADSchemaAnalyzer
Migrates the Active Directory®
schema to ADAM
Active Directory® Lightweight
Directory Services Wizard
Creates a new instance of AD LDS
Creates a new replica of an AD LDS
instance
How Clients Connect to AD LDS
To connect to an AD LDS server client computer, you:
Can use LDAP or LDAPS
Must use the port numbers assigned to the AD LDS instance
Must be configured with the IP address or DNS name of the
AD LDS server
How Access Control Works in AD LDS
– A Simple LDAP bind or bind redirection
– A local Windows® account or AD DS account
AD LDS users can be authenticated by using:
Access control is used to limit the information that users can access in the
AD LDS partitions.
Demonstration: How To Configure Access Control in AD LDS
• To configure user accounts and groups
• To configure access control lists
