15. In the AD LDS Administrators window, you can choose which user or groups have administrative permissions for AD LDS. Accept the default Currently logged on user, and then click Next.
16. You can import one or more LDIF files to configure aspects of the AD LDS application partition schema. If you're running an application that creates its own application directory, there's no need to import any of these files. You can also import LDIF files later. Click Next.
17. In the Ready to Install window, review your selections and click Next to install the AD LDS instance. When the installation is completed, click Finish.
The following list provides more detail on some windows and options in the previous
activity:
Ports—Services communicate with clients by using port numbers, which identify a service running on a computer. For example, if you're running a Web server, the default port number for the server is 80. Each instance of a service must use a different port number. The standard LDAP port is 389, and the standard SSL LDAP port is 636. For the first installed AD LDS instance, these ports can be assigned to the instance. However, if AD DS is or will be installed on the same server, you must select different ports for AD LDS because AD DS uses these port numbers. A recommended best practice is using port numbers higher than 50000 for AD LDS instances. After you have installed the first AD LDS instance, subsequent instances use port numbers starting with 50000, by default.
Service Account Selection—The Network service account is selected by default, but you can create accounts for each AD LDS instance, if needed. If the server on which AD LDS is installed is a domain member, a domain account should be used. A strong password should be assigned to this account, and it should be set to never expire. The account must be granted the Log on as a service right.
LDIF files—Preconfigured LDIF files are available to import, which modify the application partition's schema. For example, there are LDIF files that modify the schema to allow synchronizing information with Active Directory or to create user classes, attributes, and so forth. Some applications require custom schema changes. You can build your own LDIF files and place them in the %systemroot%\Adam folder so that they're available for import.
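
The port rule in the Ports item above can be checked on the server before running the wizard. The following PowerShell is an added example, not part of the original text: Get-AdLdsPortPair and its parameters are hypothetical names, and pairing the SSL port with the LDAP port plus one is an assumption.

```powershell
# Added example: choose LDAP/SSL ports for a new AD LDS instance.
# Get-AdLdsPortPair and its parameters are hypothetical names.
function Get-AdLdsPortPair {
    param(
        [switch]$AdDsPlanned,        # AD DS is or will be installed on this server
        [int]$FallbackStart = 50000  # start of the range the text recommends
    )

    # Collect every TCP port that has a listener right now (IPv4 and IPv6).
    $props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $inUse = @{}
    foreach ($ep in $props.GetActiveTcpListeners()) { $inUse[$ep.Port] = $true }

    # 389/636 are usable only if nothing listens on them
    # and AD DS will not claim them later.
    $standardBusy = $inUse.ContainsKey(389) -or $inUse.ContainsKey(636)
    if (-not $AdDsPlanned -and -not $standardBusy) {
        return New-Object PSObject -Property @{
            LdapPort = 389; SslPort = 636; Reason = 'standard ports are free'
        }
    }

    # Otherwise take the first free consecutive pair at or above the fallback start.
    # Assumption: the SSL port is the LDAP port plus one.
    for ($p = $FallbackStart; $p -lt 65535; $p++) {
        if (-not $inUse.ContainsKey($p) -and -not $inUse.ContainsKey($p + 1)) {
            return New-Object PSObject -Property @{
                LdapPort = $p; SslPort = $p + 1
                Reason   = '389/636 busy or reserved for AD DS'
            }
        }
    }
    throw 'No free port pair found.'
}

# Example: a server that will also host AD DS.
Get-AdLdsPortPair -AdDsPlanned | Format-List
```

The listener check only sees ports in use at the moment it runs, which is why the -AdDsPlanned switch covers the case where AD DS has not been installed yet.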
AD LDS Management Tools
After AD LDS is installed, you can use several tools to manage an AD LDS instance and its data. In most cases, the application using AD LDS is installed and configures the application partition as necessary. However, you can administer many aspects of an AD LDS instance with the following tools:
ADSI Edit—This MMC is opened from Administrative Tools or by clicking the ADSI Edit link in Server Manager when the AD LDS role is selected. When you connect to an AD LDS instance, you can add and edit data in the available partitions.
LDP.exe—Like ADSI Edit, the LDP tool can be used to connect to and manage AD LDS instances, including creating new application partitions. LDP can also be used to administer other LDAP directory services.
Server Manager—Server Manager includes several links to AD LDS tools and recommended configurations, tasks, and resources. To access these links, click Active Directory Lightweight Directory Services in the left pane of Server Manager. You can select tools in the Advanced Tools section and get information in the Resources and Support section (shown in Figure 12-1). When you select an item in the Recommendations list box, you can read detailed instructions about performing configuration tasks, such as creating an AD LDS instance, creating a replica of an AD LDS instance, importing data from LDIF files, creating an application partition, backing up and restoring an AD LDS instance, and synchronizing data between AD DS and AD LDS, among others.
By default, an AD LDS instance's schema doesn't include user object definitions. However, you
can extend the schema to allow creating user accounts or adding existing Windows users to groups
you create. To extend the schema for user account creation, you import user classes with LDIFDE.
You can also extend the schema when creating an instance by importing preconfigured LDIF files.
 