06 active directory lightweight directory services
Post on 15-Jun-2015
1. Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft
2. Microsoft Virtual Academy: Active Directory Lightweight Directory Services (AD LDS)
3. Module Overview
   - AD LDS Overview
   - Implementing and Administering AD LDS
   - Implementing AD LDS Replication
   - Comparing AD DS and AD LDS
4. Lesson 1: AD LDS Overview
   - How AD LDS Works
   - AD LDS Administration Tools
   - What Is the AD LDS Schema?
   - Demonstration: Installing AD LDS
5. How AD LDS Works
   - AD LDS is a hierarchical file-based directory store
   - Uses the Extensible Storage Engine (ESE) for file storage
   - AD LDS can be accessed via LDAP
   - The store is organized into three partition types: Configuration, Schema, Application
6. AD LDS Administration Tools (tool: usage)
   - Active Directory Lightweight Directory Services Wizard: Create a new instance of AD LDS; create a new replica of an AD LDS instance
   - ADSIEdit: Modifying data; viewing data; creating application partition instances
   - LDP: Modifying data; viewing data
   - Ldifde or Csvde: Importing and exporting data
   - Dsacls: View or set permissions
   - AdamSync: Used to synchronize an instance of AD DS to AD LDS
   - ADSchemaAnalyzer: Used in migrating the Active Directory schema to ADAM
7. What Is the AD LDS Schema?
   - The AD LDS schema defines the types of objects and data that can be created and stored in an AD LDS instance, using object classes and attributes
   - Schema partition: definition for an automobile object class; definition for a user object class
   - Application partition: directory objects based on the automobile object class; directory objects based on the user object class
8. Demonstration: Installing AD LDS
   - In this demonstration, you will see how to install Active Directory Lightweight Directory Services
9. Lesson 2: Implementing and Administering AD LDS
   - What Is an AD LDS Instance?
   - What Is an AD LDS Application Partition?
   - Demonstration: Configuring AD LDS Instances and Application Partitions
   - AD LDS Users and Groups
   - How Does Access Control Work in AD LDS?
10. What Is an AD LDS Instance?
   - An AD LDS instance is a running copy of the AD LDS service that contains its own communication interface and directory store
   - Diagram, a single AD LDS instance: Client; Directory Service; Interfaces (LDAP, replication); Directory Data Store (Adamntds.dit)
   - The directory store has its own copy of the three partitions
11. What Is an AD LDS Application Partition?
   - The AD LDS application partition holds the data that is used by the application
   - Diagram, a single AD LDS instance: Application partition 1; Configuration partition; Schema partition
   - Multiple application directory partitions can be created in each LDS instance; however, each partition would share a single set of configuration and schema partitions
12. Demonstration: Configuring AD LDS Instances and Application Partitions
   - In this demonstration, you will see how to configure an AD LDS instance on a computer that is already running one instance
13. AD LDS Users and Groups
   AD LDS provides four default, role-based groups stored in the roles container of the appropriate partitions:
   - Administrators. Default members: Configuration partition: AD LDS administrators that are assigned during AD LDS setup; Application partitions: The Administrators group from the configuration partition. Default access: Full access to all partitions
   - Readers. Default members: None. Default access: Read access to the partition
   - Users. Default members: Configuration partition: Transitively, all AD LDS users; Application partitions: Transitively, all AD LDS users that are created in the partition
   - Instances. Default members: Configuration partition: All instances; None
14. How Does Access Control Work in AD LDS?
   AD LDS access control:
   1. Authenticates the identity of users requesting access to the directory, allowing only successfully authenticated users into the directory
   2. Uses security descriptors, called access control lists (ACLs), on directory objects to determine which objects an authenticated user can access
15. Lesson 3: Implementing AD LDS Replication
   - How AD LDS Replication Works
   - Why Implement AD LDS Replication?
16. How AD LDS Replication Works
   - AD LDS uses multimaster replication: all instances are writable, and changes on one instance are replicated to the other instances
   - AD LDS servers replicate changes to all servers
   - Diagram (Server 1, Server 2, Server 3): Client adds User 2 on Server 1; Client modifies User 1 display name on Server 2
17. Why Implement AD LDS Replication?
   - High availability
   - Load balancing
   - Geographic limitations
18. Lesson 4: Comparing AD DS and AD LDS
   - Similarities between AD DS and AD LDS
   - Differences between AD DS and AD LDS
   - Integrating AD DS and AD LDS
19. Similarities Between AD DS and AD LDS
   - Support LDAP connections
   - Use multimaster replication
   - Support delegated administration
   - Use Extensible Storage Engine for the database store
20. Differences Between AD DS and AD LDS (features marked for each product)
   - AD LDS: Capable of multiple instances running on one server; Runs on nondomain controllers; Does not require DNS infrastructure
   - AD DS: Group policy; Global Catalog functions; Kerberos V5 Protocol authentication; Full-featured administrator tools; Automatic failover of services
21. Integrating AD DS and AD LDS
   To integrate AD DS and AD LDS:
   1. Prepare the schema for synchronization
   2. Prepare the configuration for AdamSync
   3. Run AdamSync
22. Module Review and Takeaways
   - Review Questions
   - Summary of AD LDS
23. Thanks for Watching!
24. © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
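
A check built on slide 13's default role-group membership, added here as an example (it is not part of the deck and not Microsoft code): it parses an Ldifde-style export of the Roles containers and lists memberships that differ from those defaults. The sample DNs, GUID and SID are constructed, and the `setup_admins` allowlist, function names and reason strings are assumptions of this example.

```python
import base64
# Constructed sample in ldifde export style: made-up DNs, GUID and SID, one folded line.
SAMPLE = """\
dn: CN=Administrators,CN=Roles,CN=Configuration,CN={0A1B2C3D-0000-4000-8000-000000000001}
member: CN=S-1-5-21-1-2-3-1104,CN=ForeignSecurityPrincipals,CN=Configuration,CN={0A1B2C3D
 -0000-4000-8000-000000000001}

dn: CN=Administrators,CN=Roles,DC=app,DC=example
member: CN=Administrators,CN=Roles,CN=Configuration,CN={0A1B2C3D-0000-4000-8000-000000000001}
member: CN=svc-web,OU=People,DC=app,DC=example

dn: CN=Readers,CN=Roles,DC=app,DC=example
member: CN=reporting,OU=People,DC=app,DC=example
"""
CONFIG_ADMINS = "cn=administrators,cn=roles,cn=configuration,"

def parse_ldif(text):
    """Return [{attr: [values]}]; unfolds continuation lines, decodes '::' base64 values."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # a leading space continues a line
    entries = []
    for block in text.split("\n\n"):
        entry = {}
        for line in (ln for ln in block.splitlines() if ":" in ln and not ln.startswith("#")):
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # 'attr:: <base64>' form used for non-ASCII values
                value = base64.b64decode(value[1:]).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        entries.append(entry)
    return [e for e in entries if e]

def audit_roles(entries, setup_admins=()):
    """List (group_dn, member_dn, reason) where membership departs from the slide-13 defaults."""
    known, findings = {m.lower() for m in setup_admins}, []
    for entry in entries:
        dn = entry.get("dn", [""])[0]
        role, container, partition = (dn.lower().split(",", 2) + ["", ""])[:3]
        if container != "cn=roles":
            continue
        in_config = partition.startswith("cn=configuration,")
        for member in entry.get("member", []):
            m, reason = member.lower(), None
            if role == "cn=readers":
                reason = "Readers has no default members"
            elif role == "cn=administrators" and in_config and m not in known:
                reason = "not an administrator assigned at setup"
            elif role == "cn=administrators" and not in_config and not m.startswith(CONFIG_ADMINS):
                reason = "direct member of an application-partition Administrators group"
            if reason:
                findings.append((dn, member, reason))
    return findings
```

A finding is a prompt for review, not proof of a problem: a direct member of an application partition's Administrators group holds the full access that slide 13 lists for that role.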