Installing Active Directory Lightweight Directory Services

Before we get started with installing AD LDS lets have a quick look at why you would want to install and use AD LDS. AD LDS allows you to setup your own customized LDAP database. LDAP is a set of objects with similar attributes organized in a logical and hierarchical manner.

Most of use today have at some point had to use Microsoft Access or know what a relational database is. LDAP is a database but it is not a relational database. Relational databases are designed to read and write data in the most efficient way without duplicating information. LDAP on the other had is designed with replication and read performance in mind. From this we can see the obvious uses for LDAP being user authentication, Access Rights Management. But here are a few other ideas. You could use AD LDS to create a telephone book application. You could also use it to replicate a selected subset of users to support an application that runs in a DMZ. AD LDS can also be used to restore backups of Active Directory to see which backup is the best to restore. These are only a few ideas, I’m sure there are many more.

Lets have a look at how we setup AD LDS on windows 2008:

1. Click Start then All Programs, Administrative Tools, Server Manager.
2. Scroll down the page till you get to the Role Summary section. Click Add Roles.
3. If the Before You Begin page displays just click Next.
4. You should now see the Select Server Roles page. Look through the list and tick the Active
1. Directory Lightweight Directory Services option. Click next.
5. The next page gives you some further information about AD LDS. Click Next.
6. Read the information messages and click install when you are happy to install AD LDS.
7. When complete click close.

Now that AD LDS is installed we can now run the Active Directory Lightweight Directory Services Setup Wizard. The Wizard will allow us to create a unique instance of AD LDS.

1. Start the wizard by clicking Start, All Programs, Administrative Tools, Then select
1. Active Directory Lightweight Directory Services Setup Wizard.
2. At the Welcome screen click Next.
3. On the next page select A Unique Instance and then click Next.
4. On the Instance Name page, Provide a name for the AD LDS instance and click Next.
5. Next will be the Ports page, Here you can accept the defaults as long as you are not
1. running Active Directory on this server. Once set click Next.
6. The next step will ask you if you want to create an application directory partition. It is a
1. good idea to click Yes and enter the Partition name at this point rather than doing it
2. later. Once done click Next.
7. Next is the File Location page, You can accept the defaults or if you believe there will be
1. high traffic it would be a good idea to setup the files on a separate partition from your
2. system partition. Click Next once again when done.
8. The next page asks for a Service Account. Select the account that you want the AD LDS
1. service to run under. Again click Next when done.
9. On the AD LDS Administrators page you need to select a user or group that will be used as
1. the default administrator for this instance.
10. The next page allows you to import LDIF Files. A good one to have is
1. MS-ADLDS-DisplaySpecifiers. Importing this file allows you to use the Active Directory Sites
2. and Services tool. Select any other files that you require for you implementation of
3. AD LDS. Click Next to complete the installation.