Andrew Cheng (MCSE, MCT, MVP)

http://andrewchengnh.spaces.live.com http://sgwindowsgroup.org

AD LDS Overview

Implementing and Administering AD LDS

Implementing AD LDS Replication

Comparing AD DS and AD LDS

AD LDS can be accessed via LDAP

The store is organized into three partitions types:

Configuration

Schema

Application

AD LDS is a hierarchical file-based directory store

Uses the Extensible Storage Engine (ESE) for file storage

ESE

AD LDS Schema defines the types of objects and data that can be created and stored in an AD LDS instance using object classes and attributes

Directory objects based on the automobile object class

Definition for an automobile object class

Schema Partition

Directory objects based on the user object class

Application Partition

Definition for a user object class

An AD LDS Instance is a running copy of AD LDS service that contains is own communication interface and directory store

Directory Service

Client

A Single AD LDS Instance

Interfaces (LDAP, replication)

Directory Data Store (Adamntds.nit)

The AD LDS application partition holds the data that is used by the application

A Single AD LDS Instance

Multiple application directory partitions can be created in each LDS instance;

however each partition would share a single set of configuration and schema

partitions

Application partition 1

Configuration partition

Schema partition

AD LDS uses multimaster replication:

• All instances are writable

• Changes on one instance are replicated to the other instances

AD LDS servers replicate changes to all servers

Client adds “User 2” on Server 1

Client modifies “User 1” display name on Server 2

Server 2 Server 1

Server 3

Features AD LDS AD DS

Capable of multiple instances running on one server

Runs on nondomain controllers

Does not require DNS infrastructure

Group policy

Global Catalog functions

Kerberos V5 Protocol authentication

Full-featured administrator tools

Automatic failover of services