06 Active Directory Lightweight Directory Services

Transcript

  • 1. Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft
  • 2. Microsoft Virtual Academy Active Directory Lightweight Directory Services (AD LDS)
  • 3. Module Overview • AD LDS Overview • Implementing and Administering AD LDS • Implementing AD LDS Replication • Comparing AD DS and AD LDS
  • 4. Lesson 1: AD LDS Overview • How AD LDS Works • AD LDS Administration Tools • What Is the AD LDS Schema? • Demonstration: Installing AD LDS
  • 5. How AD LDS Works
      • AD LDS is a hierarchical, file-based directory store
      • Uses the Extensible Storage Engine (ESE) for file storage
      • AD LDS can be accessed via LDAP
      • The store is organized into three partition types: Configuration, Schema, Application
  • 6. AD LDS Administration Tools (Tool: Usage)
      • Active Directory Lightweight Directory Services Wizard: create a new instance of AD LDS; create a new replica of an AD LDS instance
      • ADSIEdit: modifying data; viewing data; creating application partition instances
      • LDP: modifying data; viewing data
      • Ldifde or Csvde: importing and exporting data
      • Dsacls: view or set permissions
      • AdamSync: used to synchronize an instance of AD DS to AD LDS
      • ADSchemaAnalyzer: used in migrating the Active Directory schema to ADAM
  • 7. What Is the AD LDS Schema?
      The AD LDS schema defines the types of objects and data that can be created and stored in an AD LDS instance, using object classes and attributes.
      • Schema partition: definition for an automobile object class; definition for a user object class
      • Application partition: directory objects based on the automobile object class; directory objects based on the user object class
  • 8. Demonstration: Installing AD LDS • In this demonstration, you will see how to install Active Directory Lightweight Directory Services
  • 9. Lesson 2: Implementing and Administering AD LDS • What Is an AD LDS Instance? • What Is an AD LDS Application Partition? • Demonstration: Configuring AD LDS Instances and Application Partitions • AD LDS Users and Groups • How Does Access Control Work in AD LDS?
  • 10. What Is an AD LDS Instance?
      An AD LDS instance is a running copy of the AD LDS service that contains its own communication interface and directory store.
      Diagram labels (a single AD LDS instance): Client; Directory Service Interfaces (LDAP, replication); Directory Data Store (Adamntds.dit)
      The directory store has its own copy of the three partitions.
  • 11. What Is an AD LDS Application Partition?
      The AD LDS application partition holds the data that is used by the application.
      Diagram labels (a single AD LDS instance): Application partition 1; Configuration partition; Schema partition
      Multiple application directory partitions can be created in each AD LDS instance; however, each partition shares a single set of configuration and schema partitions.
  • 12. Demonstration: Configuring AD LDS Instances and Application Partitions • In this demonstration, you will see how to configure an AD LDS instance on a computer that is already running one instance
  • 13. AD LDS Users and Groups
      AD LDS provides four default, role-based groups stored in the roles container of the appropriate partitions:
      • Administrators
          Default members: Configuration partition: AD LDS administrators that are assigned during AD LDS setup. Application partitions: the Administrators group from the configuration partition.
          Default access: Full access to all partitions
      • Readers
          Default members: None
          Default access: Read access to the partition
      • Users
          Default members: Configuration partition: transitively, all AD LDS users. Application partitions: transitively, all AD LDS users that are created in the partition.
      • Instances
          Default members: Configuration partition: all instances
      • Default access for Users and Instances: None
  • 14. How Does Access Control Work in AD LDS?
      AD LDS access control:
      1. Authenticates the identity of users requesting access to the directory, allowing only successfully authenticated users into the directory
      2. Uses security descriptors, called access control lists (ACLs), on directory objects to determine which objects an authenticated user can access
  • 15. Lesson 3: Implementing AD LDS Replication • How AD LDS Replication Works • Why Implement AD LDS Replication?
  • 16. How AD LDS Replication Works
      AD LDS uses multimaster replication:
      • All instances are writable
      • Changes on one instance are replicated to the other instances
      Diagram (Server 1, Server 2, Server 3): a client adds "User 2" on Server 1; a client modifies the "User 1" display name on Server 2; AD LDS servers replicate changes to all servers.
  • 17. Why Implement AD LDS Replication? • High availability • Load balancing • Geographic limitations
  • 18. Lesson 4: Comparing AD DS and AD LDS • Similarities between AD DS and AD LDS • Differences between AD DS and AD LDS • Integrating AD DS and AD LDS
  • 19. Similarities Between AD DS and AD LDS • Support LDAP connections • Use multimaster replication • Support delegated administration • Use Extensible Storage Engine for the database store
  • 20. Differences Between AD DS and AD LDS
      Features marked for AD LDS:
      • Capable of multiple instances running on one server
      • Runs on nondomain controllers
      • Does not require DNS infrastructure
      Features marked for AD DS:
      • Group policy
      • Global Catalog functions
      • Kerberos V5 Protocol authentication
      • Full-featured administrator tools
      • Automatic failover of services
  • 21. Integrating AD DS and AD LDS
      To integrate AD DS and AD LDS:
      1. Prepare the schema for synchronization
      2. Prepare the configuration for AdamSync
      3. Run AdamSync
  • 22. Module Review and Takeaways • Review Questions • Summary of AD LDS
  • 23. Thanks for Watching!
  • 24. ©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
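
The three integration steps on slide 21, written out as a PowerShell session. This is an added example, not part of the original presentation; the instance address `localhost:50000`, the `fabrikam.com` domain, the target partition DN and the working folder are assumed lab values.

```powershell
# Added example: AD DS -> AD LDS synchronization with AdamSync.
# All values in this first section are assumptions for a lab instance.
$Instance = 'localhost:50000'            # assumed AD LDS instance host:port
$SourceAd = 'fabrikam.com'               # assumed AD DS domain to read from
$SourceDn = 'DC=fabrikam,DC=com'         # assumed AD DS partition to copy
$TargetDn = 'DC=fabrikam,DC=com'         # assumed AD LDS application partition
$WorkDir  = 'C:\AdamSyncWork'            # assumed folder for config and logs
$Conf     = Join-Path $WorkDir 'AdamSyncConf.xml'

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
Set-Location (Join-Path $env:windir 'ADAM')   # sample .ldf/.xml files and adamsync.exe

# 1. Prepare the schema: import the AD DS class definitions, then the
#    AdamSync metadata. Quote '#configurationNamingContext', otherwise
#    PowerShell parses it as a comment and ldifde never receives it.
foreach ($ldf in 'MS-adamschemaw2k8.ldf', 'MS-AdamSyncMetadata.ldf') {
    ldifde -i -u -f $ldf -s $Instance -j $WorkDir `
        -c 'CN=Configuration,DC=X' '#configurationNamingContext'
    if ($LASTEXITCODE -ne 0) { throw "Import of $ldf failed; check ldif.err in $WorkDir" }
}

# 2. Prepare the configuration: work on a copy of the sample file and point
#    it at the source domain and the target partition.
Copy-Item 'MS-AdamSyncConf.xml' $Conf -Force
$xml = New-Object System.Xml.XmlDocument
$xml.Load($Conf)
$xml.SelectSingleNode('//source-ad-name').InnerText      = $SourceAd
$xml.SelectSingleNode('//source-ad-partition').InnerText = $SourceDn
$xml.SelectSingleNode('//target-dn').InnerText           = $TargetDn
$xml.SelectSingleNode('//base-dn').InnerText             = $SourceDn
$xml.Save($Conf)

# 3. Run AdamSync: register the configuration with the instance, then sync.
.\adamsync.exe /install $Instance $Conf
if ($LASTEXITCODE -ne 0) { throw 'adamsync /install failed' }
.\adamsync.exe /sync $Instance $TargetDn /log (Join-Path $WorkDir 'sync.log')
if ($LASTEXITCODE -ne 0) { throw 'adamsync /sync failed; review sync.log' }
```

Review `sync.log` after the first run: everything under `base-dn` that the configuration selects is copied into the AD LDS partition, where the AD LDS ACLs from slide 14, not the AD DS ones, control who can read it.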