Friday 14 March 2014

AD Lightweight Directory Service (AD LDS)


Topics Covered
• Introduction to AD LDS
• Understanding AD LDS Instance
• Installation of AD LDS
• Creating AD LDS Instance

Active Directory Lightweight Directory Service (AD LDS)
The AD LDS server role is a Lightweight Directory Access Protocol (LDAP) directory service. It provides data storage and retrieval for directory-enabled applications, without the dependencies that are required for AD DS. In Windows 2003 R2, AD LDS was called Active Directory Application Mode (ADAM). AD LDS provides the same functionality as AD DS, but it does not require the use of a domain or a domain controller. AD LDS is generally used for application support, such as Exchange Server 2010, SharePoint Server, etc.
AD LDS is an independent mode of Active Directory that supports dedicated directory services for applications without the use of AD DS. AD LDS provides independent storage and access for applications. AD LDS uses the same standard APIs or programming standards as Active Directory. Many applications can use AD LDS, such as:
• Customer Relationship Management(CRM)
• Human Resources application
• Global Address book application, etc.
The greatest advantage of AD LDS is that it does not require AD DS, and we can run multiple instances of AD LDS concurrently on a single server, each with an independent schema and configuration set. Each instance of AD LDS uses a different port number for communication with applications or clients.
Installation of AD LDS
1) Start Server Manager and then go to Roles.
2) Under Roles, select Add Roles.
3) In the “Add Roles Wizard”, select “Active Directory Lightweight Directory Services” and
click Next to continue and complete the installation of AD LDS.
Understanding AD LDS Instance
An AD LDS instance works like a separate AD LDS server, with its own schema and configuration partitions and its own port number. Instead of maintaining a different server for each AD LDS instance, we can create multiple AD LDS instances on a single server.
The components of AD LDS include:
• Directory Service (dsamain.exe)
• Directory Store data (adamntds.dit)
• LDAP protocols and interface

Every instance we create for AD LDS is stored under the c:\program files\<instance name> folder.
We can also change or move the location of the AD LDS files.
Creating AD LDS Instance
1. Create an AD LDS Instance
2. Active Directory Lightweight Directory Service Setup Wizard
This wizard helps you install Microsoft Active Directory Lightweight Directory Service
(AD LDS).
AD LDS is a powerful directory service that is easy to install and deploy. It provides a
dedicated data store for applications, and can be configured and managed independently.
To continue, click Next.

3. Create a Unique or Replica Instance of an AD LDS (In my case I am creating a Unique
Instance)
4. Name the AD LDS Instance
The AD LDS service name is created when the instance name is combined with the
product name. It will be displayed in the list of Windows Services.
Side Note: it allows you to use the - and _ symbols in naming, but I have had problems
with these types of names where it would crash the AD LDS and the error logs and
services window would truncate the name at the first symbol type.

5. Select Port Numbers
The ports displayed below are the first available for this computer. To change these
ports, type the new port numbers in the text boxes below. If you plan to install Active
Directory Domain Services on this computer, do not use 389 for the LDAP port or 636
for the SSL port because Active Directory Domain Services uses these port numbers.
Instead, use available port numbers from the following range: 1025-65535.
6. Create an AD LDS application directory partition
Select this option if the application that you plan to install does not create an application
directory partition upon installation. A valid partition name is any distinguished name
that does not already exist in this instance. CN - Common Name, DN -
Distinguished Name, SN - Surname, OU - Organizational Unit.

7. File location for the associated AD LDS files.
8. Service account selection - the Network Service account is sufficient for my needs.

9. AD LDS Administrator - In my case the default admin account works.
10. Import LDAP Data Interchange Format (LDIF) files into the AD LDS application directory partition.

11. Ready to install - click Next.
12. Installing AD LDS

13. Finished
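
The wizard choices from steps 3 to 6, as an added PowerShell example that is not part of the original post: it checks the instance name and ports against the notes in steps 4 and 5, then writes an answer file for unattended setup with adaminstall.exe. The instance name, port numbers, partition name and answer file path are constructed placeholders.

```powershell
# Added example: pre-flight checks for the wizard choices, then an answer
# file for unattended setup. All values below are constructed placeholders.
$InstanceName = 'AppDir1'                          # hypothetical instance name
$LdapPort     = 50000                              # hypothetical LDAP port
$SslPort      = 50001                              # hypothetical SSL port
$Partition    = 'CN=AppData,DC=example,DC=local'   # hypothetical partition DN
$AnswerFile   = Join-Path $env:TEMP "$InstanceName-answer.txt"

$problems = @()

# Step 4: the post reports trouble with '-' and '_' in instance names,
# so this check accepts letters and digits only.
if ($InstanceName -notmatch '^[A-Za-z0-9]+$') {
    $problems += "Instance name '$InstanceName' contains characters other than letters and digits."
}

# Step 5: stay off 389/636 (used by AD DS) and inside the 1025-65535 range.
$listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
foreach ($port in $LdapPort, $SslPort) {
    if (389, 636 -contains $port) { $problems += "Port $port is used by AD DS." }
    if ($port -lt 1025 -or $port -gt 65535) { $problems += "Port $port is outside 1025-65535." }
    # A port that already has a listener cannot be given to a new instance.
    if ($listeners | Where-Object { $_.Port -eq $port }) {
        $problems += "Port $port already has a listener on this computer."
    }
}
if ($LdapPort -eq $SslPort) { $problems += 'The LDAP and SSL ports must differ.' }

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Fix the settings above before creating the instance.'
}

# Steps 3 to 6 as an answer file. Keys that are left out (file locations,
# service account, administrator, LDIF imports) are left to setup defaults.
@"
[ADAMInstall]
InstallType=Unique
InstanceName=$InstanceName
LocalLDAPPortToListenOn=$LdapPort
LocalSSLPortToListenOn=$SslPort
NewApplicationPartitionToCreate="$Partition"
"@ | Set-Content -Path $AnswerFile -Encoding ASCII

Write-Output "Answer file written to $AnswerFile"
Write-Output "To create the instance: $env:SystemRoot\ADAM\adaminstall.exe /answer:$AnswerFile"
```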
