Understanding Active Directory
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft
Active Directory Lightweight Directory Services (AD LDS)
Module Overview
• AD LDS Overview
• Implementing and Administering AD LDS
• Implementing AD LDS Replication
• Comparing AD DS and AD LDS
Lesson 1: AD LDS Overview
• How AD LDS Works
• AD LDS Administration Tools
• What Is the AD LDS Schema?
• Demonstration: Installing AD LDS
How AD LDS Works
• AD LDS is a hierarchical, file-based directory store
• Uses the Extensible Storage Engine (ESE) for file storage
• AD LDS can be accessed via LDAP
• The store is organized into three partition types:
  • Configuration
  • Schema
  • Application
What Is the AD LDS Schema?
The AD LDS schema defines the types of objects and data that can be created and stored in an AD LDS instance, using object classes and attributes.
• Schema partition: definition for a user object class; definition for an automobile object class
• Application partition: directory objects based on the user object class; directory objects based on the automobile object class
Demonstration: Installing AD LDS
• In this demonstration, you will see how to install Active Directory Lightweight Directory Services
Lesson 2: Implementing and Administering AD LDS
• What Is an AD LDS Instance?
• What Is an AD LDS Application Partition?
• Demonstration: Configuring AD LDS Instances and Application Partitions
• AD LDS Users and Groups
• How Does Access Control Work in AD LDS?
What Is an AD LDS Instance?
An AD LDS instance is a running copy of the AD LDS service that contains its own communication interface and directory store.
Diagram: a client and a single AD LDS instance made up of interfaces (LDAP, replication), the directory service, and the directory data store (Adamntds.dit)
The directory store has its own copy of the three partitions.
What Is an AD LDS Application Partition?
The AD LDS application partition holds the data that is used by the application.
Diagram: a single AD LDS instance containing application partition 1, the configuration partition, and the schema partition
Multiple application directory partitions can be created in each AD LDS instance; however, all of them share a single set of configuration and schema partitions.
Demonstration: Configuring AD LDS Instances and Application Partitions
• In this demonstration, you will see how to configure an AD LDS instance on a computer that is already running one instance
AD LDS Users and Groups
AD LDS provides four default, role-based groups, stored in the roles container of the appropriate partitions.
How Does Access Control Work in AD LDS?
AD LDS access control:
1. Authenticates the identity of users requesting access to the directory, allowing only successfully authenticated users into the directory
2. Uses security descriptors, called access control lists (ACLs), on directory objects to determine which objects an authenticated user can access
Lesson 3: Implementing AD LDS Replication
• How AD LDS Replication Works
• Why Implement AD LDS Replication?
How AD LDS Replication Works
• AD LDS uses multimaster replication:
  • All instances are writable
  • Changes on one instance are replicated to the other instances
Diagram (Server 1, Server 2, Server 3): a client adds “User 2” on Server 1; a client modifies the “User 1” display name on Server 2; the AD LDS servers replicate changes to all servers
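The replication scenario from the slide above, as an added Python example that is not part of the original deck: three writable instances accept changes locally and pull from each other until they hold the same data. It goes beyond the slide by including a constructed conflict, resolved by version, then timestamp, then originating instance, which is the ordering Active Directory replication uses for attribute conflicts and is assumed here to apply to AD LDS. The DNs, values, and the Instance, converge and demo names are illustrative.

```python
# Added illustration: a toy model of multimaster replication, not AD LDS code.
# Stamp = (version, time, originating instance); the name stands in for a GUID.
from dataclasses import dataclass, field

@dataclass
class Instance:
    name: str
    store: dict = field(default_factory=dict)  # dn -> attr -> (stamp..., value)

    def write(self, dn, attr, value, now):
        """Originating write: every instance accepts writes locally."""
        attrs = self.store.setdefault(dn, {})
        version = attrs[attr][0] + 1 if attr in attrs else 1
        attrs[attr] = (version, now, self.name, value)

    def pull_from(self, partner):
        """Inbound replication: per attribute, the higher stamp wins."""
        applied = 0
        for dn, attrs in partner.store.items():
            mine = self.store.setdefault(dn, {})
            for attr, stamped in attrs.items():
                if attr not in mine or stamped[:3] > mine[attr][:3]:
                    mine[attr] = stamped
                    applied += 1
        return applied

    def value(self, dn, attr):
        return self.store[dn][attr][3]

def converge(instances):
    """Repeat full pull rounds until one round applies nothing."""
    while sum(a.pull_from(b) for a in instances for b in instances if a is not b):
        pass

def demo():
    u1, u2 = "CN=User 1,O=App", "CN=User 2,O=App"  # constructed sample DNs
    s1, s2, s3 = servers = [Instance(f"Server {i}") for i in (1, 2, 3)]
    s1.write(u1, "displayName", "User One", now=1)
    converge(servers)
    s2.write(u1, "displayName", "U. One", now=2)    # slide: modify on Server 2
    s1.write(u2, "displayName", "User Two", now=2)  # slide: add on Server 1
    converge(servers)
    # Constructed conflict: same attribute changed on two instances before sync.
    s1.write(u1, "displayName", "Set on Server 1", now=3)
    s3.write(u1, "displayName", "Set on Server 3", now=4)
    converge(servers)
    return servers

if __name__ == "__main__":
    print({s.name: s.value("CN=User 1,O=App", "displayName") for s in demo()})
```

Real replication tracks changes incrementally rather than comparing whole stores on every pull; the full comparison here only keeps the model short.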
Why Implement AD LDS Replication?
• High availability
• Load balancing
• Geographic limitations
Lesson 4: Comparing AD DS and AD LDS
• Similarities between AD DS and AD LDS
• Differences between AD DS and AD LDS
• Integrating AD DS and AD LDS
Similarities Between AD DS and AD LDS
• Support LDAP connections
• Use multimaster replication
• Support delegated administration
• Use Extensible Storage Engine for the database store
Integrating AD DS and AD LDS
To integrate AD DS and AD LDS:
1. Prepare the schema for synchronization
2. Prepare the configuration for AdamSync
3. Run AdamSync
Module Review and Takeaways
• Review Questions
• Summary of AD LDS