
Tuesday, May 1, 2012

Step By Step Installing AD LDS on Windows 2008 Member Server.

 

In this post we will be installing Active Directory Lightweight Directory Services, previously known as ADAM.

The member server, with hostname DL-LDS, is joined to the fictitious domain resrc.vrnmyp.net. The forest root domain is vrnmyp.net.

We have used the resrc\Administrator account to install AD LDS on the DL-LDS server. A service account can be used instead of the Administrator account of the domain resrc.vrnmyp.net.

By default, AD LDS uses port 389 for LDAP and port 636 for secure LDAP. These ports can be changed; however, you need to get the necessary ports opened on the Windows server and on the firewall.

Let's begin with the installation of AD LDS. This document was created using screenshots, which are quite self-explanatory. The process has been simplified; detailed information can be found on technet.microsoft.com if required.

1. Click on Start > Administrative Tools > Server Manager.

2. Select Roles and click on Add Roles.

3. Under Roles, select Active Directory Lightweight Directory Services. If you don't have .NET Framework 3.5 installed, you will be prompted to add it. Click on Add Required Features.

4. Click on Install to proceed.

5. AD LDS will be installed and will be available under Start > Administrative Tools > Active Directory Lightweight Directory Services Setup Wizard. This wizard helps to create AD LDS instances.

6. Specify an instance name and its description. A service named ADAM_InstanceName will be available in the Windows Services console. This service is used to start and stop the AD LDS instance.

7. The default ports are populated automatically; update the port numbers if you want to use different ports.

8. To better manage AD LDS we will create an application partition. Specify the distinguished name of the application partition.

9. Here you can choose a service account, which will be granted administrative permissions over the AD LDS instance that we are creating. In this example we have used the domain\Administrator account instead.

10. Click on Next. We are now presented with Importing LDIF Files. These are the default LDIF files that come with the AD LDS binaries. Each LDIF file contains classes and attributes that will be imported into the schema of AD LDS. In this scenario we have selected all of the LDIF files except MS-AzMan.LDF. Click on Next twice to trigger the installation.

Below is a brief description of the function of each LDIF file.

 

 

| .ldf file | User classes | Import this file if ... |
|---|---|---|
| MS-ADAM-DisplaySpecifiers-0409.LDF | Not applicable | You want to use an Active Directory snap-in (such as Active Directory Sites and Services) with AD LDS. |
| MS-AdamSyncMetadata.LDF | Not applicable | You want to use adamsync to synchronize AD LDS with Active Directory Domain Services (AD DS). |
| MS-AZMan.LDF | Not applicable | You want to use Windows Authorization Manager with AD LDS. |
| MS-InetOrgPerson.LDF | Person, Organizational-Person, User, inetOrgPerson | You want to create user objects in the AD LDS directory, and you want to create users of the InetOrgPerson class (as defined in RFC 2798). MS-InetOrgPerson.LDF is a sample file that you can modify to meet your particular requirements. |
| MS-User.LDF | Person, Organizational-Person, User | You want to create user objects in the AD LDS directory, but you do not want to create users of the InetOrgPerson class (as defined in RFC 2798). MS-User.LDF is a sample file that you can modify to meet your particular requirements. |
| MS-UserProxy.LDF | User-Proxy | You want to create simple proxy objects in AD LDS for use in bind redirection. MS-UserProxy.LDF is a sample file that you can modify to meet your particular requirements. |
| MS-UserProxyFull.LDF | User-Proxy-Full | You want to create complete proxy objects in AD LDS for use in bind redirection. To use this file, you must also import MS-InetOrgPerson.LDF or MS-User.LDF. MS-UserProxyFull.LDF is a sample file that you can modify to meet your particular requirements. |
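Once the wizard has finished, the choices made in steps 6 to 9 (service name, service account, ports, application partition) can be checked from PowerShell on the AD LDS server. This is an added example, not part of the original post; the instance name and partition DN are placeholders for the values you entered, and PowerShell 2.0 or later is assumed.

```powershell
# Added example: post-install check of an AD LDS instance.
# Placeholder values: replace with what was entered in the wizard.
$InstanceName = 'Instance1'                 # step 6 (hypothetical name)
$LdapPort     = 389                         # step 7
$SslPort      = 636                         # step 7
$PartitionDN  = 'CN=App,DC=example,DC=com'  # step 8 (hypothetical DN)

function Test-TcpPort([string]$HostName, [int]$Port) {
    # Returns $true if a TCP connection to the port succeeds.
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($HostName, $Port); return $true }
    catch   { return $false }
    finally { $client.Close() }
}

# 1. The wizard registers the instance as the service ADAM_<InstanceName>.
#    StartName shows which account the instance actually runs as.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='ADAM_$InstanceName'"
if (-not $svc) {
    Write-Warning "Service ADAM_$InstanceName not found"
} else {
    "Service : {0}  State: {1}  StartMode: {2}" -f $svc.Name, $svc.State, $svc.StartMode
    "Runs as : {0}" -f $svc.StartName
}

# 2. Both ports from step 7 should accept a TCP connection locally.
foreach ($port in $LdapPort, $SslPort) {
    $state = if (Test-TcpPort 'localhost' $port) { 'listening' } else { 'NOT reachable' }
    "Port {0,-5}: {1}" -f $port, $state
}

# 3. The application partition from step 8 should be listed in RootDSE.
try {
    $rootDse  = [ADSI]"LDAP://localhost:$LdapPort/RootDSE"
    $contexts = @($rootDse.namingContexts | ForEach-Object { $_.ToString() })
    if ($contexts -contains $PartitionDN) {
        "Partition found: $PartitionDN"
    } else {
        Write-Warning "Partition $PartitionDN not in namingContexts:"
        $contexts
    }
} catch {
    Write-Warning "RootDSE query failed: $($_.Exception.Message)"
}
```

Run the same port check from a client machine as well to confirm that the server and network firewalls allow the ports you chose.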

 

 

 

 

 
