Christopher Chapman MCT Content PM Microsoft Learning PDG

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft

Microsoft Virtual Academy Active Directory Lightweight Directory Services (AD LDS)

Module Overview
• AD LDS Overview
• Implementing and Administering AD LDS
• Implementing AD LDS Replication
• Comparing AD DS and AD LDS

Lesson 1: AD LDS Overview
• How AD LDS Works
• AD LDS Administration Tools
• What Is the AD LDS Schema?
• Demonstration: Installing AD LDS

How AD LDS Works
• AD LDS is a hierarchical, file-based directory store
• Uses the Extensible Storage Engine (ESE) for file storage
• AD LDS can be accessed via LDAP
• The store is organized into three partition types: Configuration, Schema, Application

AD LDS Administration Tools
Tool and usage:
• Active Directory Lightweight Directory Services Wizard
  - Create a new instance of AD LDS
  - Create a new replica of an AD LDS instance
• ADSIEdit
  - Modifying data
  - Viewing data
  - Creating application partition instances
• LDP
  - Modifying data
  - Viewing data
• Ldifde or Csvde
  - Importing and exporting data
• Dsacls
  - View or set permissions
• AdamSync
  - Used to synchronize an instance of AD DS to AD LDS
• ADSchemaAnalyzer
  - Used in migrating the Active Directory schema to ADAM

What Is the AD LDS Schema?
The AD LDS schema defines the types of objects and data that can be created and stored in an AD LDS instance, using object classes and attributes.
Diagram:
• Schema partition: definition for an automobile object class; definition for a user object class
• Application partition: directory objects based on the automobile object class; directory objects based on the user object class

Demonstration: Installing AD LDS
• In this demonstration, you will see how to install Active Directory Lightweight Directory Services

Lesson 2: Implementing and Administering AD LDS
• What Is an AD LDS Instance?
• What Is an AD LDS Application Partition?
• Demonstration: Configuring AD LDS Instances and Application Partitions
• AD LDS Users and Groups
• How Does Access Control Work in AD LDS?

What Is an AD LDS Instance?
An AD LDS instance is a running copy of the AD LDS service that contains its own communication interface and directory store.
Diagram: a single AD LDS instance
• Client
• Directory service interfaces (LDAP, replication)
• Directory data store (Adamntds.dit)
The directory store has its own copy of the three partitions.

What Is an AD LDS Application Partition?
The AD LDS application partition holds the data that is used by the application.
Diagram: a single AD LDS instance
• Application partition 1
• Configuration partition
• Schema partition
Multiple application directory partitions can be created in each AD LDS instance; however, each partition would share a single set of configuration and schema partitions.

Demonstration: Configuring AD LDS Instances and Application Partitions
• In this demonstration, you will see how to configure an AD LDS instance on a computer that is already running one instance

AD LDS Users and Groups
AD LDS provides four default, role-based groups stored in the roles container of the appropriate partitions.
Default members by role:
• Administrators
  - Configuration partition: AD LDS administrators that are assigned during AD LDS setup
  - Application partitions: The Administrators group from the configuration partition
• Readers
  - None
• Users
  - Configuration partition: Transitively, all AD LDS users
  - Application partitions: Transitively, all AD LDS users that are created in the partition
• Instances
  - Configuration partition: All instances
Default access by role:
• Administrators: Full access to all partitions
• Readers: Read access to the partition
• Users and Instances: None
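An added example, not part of the original slides: a Python audit of the default role groups described above, run over an Ldifde export of the roles containers. The sample LDIF, every DN in it, the placeholder GUID and the approved-administrator set are constructed for illustration.

```python
import base64

CONFIG = "CN=Configuration,CN={00000000-0000-0000-0000-000000000000}"  # placeholder GUID
# Constructed sample in the LDIF layout Ldifde exports; every DN here is made up.
SAMPLE_LDIF = f"""\
dn: CN=Administrators,CN=Roles,{CONFIG}
member: CN=setup-admin,CN=ForeignSecurityPrincipals,{CONFIG}

dn: CN=Administrators,CN=Roles,O=Example,C=US
member: CN=Administrators,CN=Roles,{CONFIG}
member: CN=svc-web,CN=People,
 O=Example,C=US

dn: CN=Readers,CN=Roles,O=Example,C=US
member: CN=reporting,CN=People,O=Example,C=US
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:       # folded line continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                   # trailing blank flushes the last entry
        name, sep, value = line.partition(":")
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif sep and not line.startswith("#"):
            if value.startswith(":"):           # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            current.setdefault(name.lower(), []).append(value.strip())
    return entries

def audit(entries, approved_admins):
    """Flag Administrators members outside the approved set and any Readers members."""
    findings = []
    for entry in entries:
        head, sep, partition = entry.get("dn", [""])[0].partition(",CN=Roles,")
        role = head[3:].lower() if sep else ""  # "" when the entry is not under CN=Roles
        for member in entry.get("member", []):
            if role == "administrators" and member not in approved_admins:
                findings.append(("unapproved-admin", partition, member))
            elif role == "readers":             # the slide lists Readers' default members as None
                findings.append(("non-default-reader", partition, member))
    return findings
```

Run against the sample, `audit` reports the extra Administrators member in the application partition and the populated Readers group, while the configuration partition's Administrators group passes because it is in the approved set.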

How Does Access Control Work in AD LDS?
AD LDS access control:
1. Authenticates the identity of users requesting access to the directory, allowing only successfully authenticated users into the directory
2. Uses security descriptors, called access control lists (ACLs), on directory objects to determine which objects an authenticated user can access

Lesson 3: Implementing AD LDS Replication
• How AD LDS Replication Works
• Why Implement AD LDS Replication?

How AD LDS Replication Works
AD LDS uses multimaster replication:
• All instances are writable
• Changes on one instance are replicated to the other instances
Diagram: AD LDS servers replicate changes to all servers
• Client adds “User 2” on Server 1
• Client modifies “User 1” display name on Server 2
• Server labels: Server 1, Server 3

Why Implement AD LDS Replication?
• High availability
• Load balancing
• Geographic limitations

Lesson 4: Comparing AD DS and AD LDS
• Similarities between AD DS and AD LDS
• Differences between AD DS and AD LDS
• Integrating AD DS and AD LDS

Similarities Between AD DS and AD LDS
• Support LDAP connections
• Use multimaster replication
• Support delegated administration
• Use Extensible Storage Engine for the database store

Differences Between AD DS and AD LDS
Features marked X for AD LDS:
• Capable of multiple instances running on one server
• Runs on nondomain controllers
• Does not require DNS infrastructure
Features marked X for AD DS:
• Group policy
• Global Catalog functions
• Kerberos V5 Protocol authentication
• Full-featured administrator tools
• Automatic failover of services

Integrating AD DS and AD LDS
To integrate AD DS and AD LDS:
1. Prepare the schema for synchronization
2. Prepare the configuration for AdamSync
3. Run AdamSync

Module Review and Takeaways
• Review Questions
• Summary of AD LDS

Thanks for Watching!

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.