Active Directory Lightweight Directory Services is one of the five Active Directory technologies available in Windows Server 2008 R2. In fact, AD LDS is really nothing more than a subset of AD DS functionality. Both use the same core code, and both provide a very similar feature set.
AD LDS, formerly called Active Directory Application Mode (ADAM), is a technology that is intended to support directory-enabled applications on an application-by-application basis without requiring alteration of the database schema of your network operating system (NOS) directory running on AD DS. AD LDS is a benefit to administrators who want to use directory-enabled applications without integrating them into their NOS directory. Active Directory Domain Services can also support the use of directory-enabled applications. One very good example is Microsoft Exchange Server 2007. All user information in Exchange Server is provided by the directory. When you install Exchange Server in your network, it begins by extending the AD DS schema, practically doubling its size. As you know, schema modifications are not taken lightly because, when you add an object or an attribute to the AD DS schema, it is added forever; it cannot be removed.
You can deactivate or rename and reuse these objects, but who wants defunct objects in their NOS directory? Adding to the schema for an application such as Exchange Server is appropriate because it provides a core networking service: email.
However, when it comes to other applications, especially applications that are provided by third-party software manufacturers, carefully consider whether you should integrate them into your AD DS directory. Remember, your production AD DS structure will be with you for a very long time. You don’t want to find yourself in a situation in which you integrated a product into your directory and then, several years later when the third-party manufacturer is out of business, have to figure out what to do with the extensions this product added to your AD DS structure, increasing replication times and adding unused content to the directory.
This is why AD LDS is such a boon. Because a single server can host multiple AD LDS instances (unlike AD DS, which can support only one instance of a directory on any given server), AD LDS can meet the requirements of any directory-enabled application and even provide instances on an application-by-application basis. In addition, you do not need Enterprise Administrator or Schema Administrator credentials to work with AD LDS, as you would with AD DS. AD LDS runs on member or stand-alone servers and requires only local administrative rights to manage it. Because of this, it can also be used in a perimeter network to provide application or web authentication services. AD LDS is one of the four Active Directory technologies that allow you to extend your organization’s authority beyond the firewall and into the Internet cloud. (See Figure 14-1.)
Even though it is based on the same code as AD DS, AD LDS is much simpler to work with. For example, when you install AD LDS on a server, it does not alter the nature of the server in the way that AD DS does when you create a domain controller. AD LDS is an application and nothing more. When you install it, you are not required to reboot the server because the application setup process only adds functionality to the server and does not change its nature.
However, before you begin, you must first understand what makes up an AD LDS instance, how AD LDS instances should be used, and what their relationship is or can be with AD DS directories. Then you can proceed to the installation of the AD LDS service.
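As an added illustration of what an AD LDS instance concretely is (a service named ADAM_<instance>, its own LDAP and SSL ports, and its own application partition, with no change to the AD DS schema), the following PowerShell script creates one instance on a member server with an unattended adaminstall.exe run and then verifies it. This is example code, not from the book; the instance name, ports, partition DN and file paths are assumed values.

```powershell
# Added example: per-application AD LDS instance on a member server.
# Assumed values: instance name, ports, partition DN. Run as a local administrator.
Import-Module ServerManager
Add-WindowsFeature ADLDS | Out-Null      # adds the role; no reboot is required

$instance  = 'AppDirectory'              # assumed; the service will be ADAM_AppDirectory
$ldapPort  = 50000                       # assumed; leave 389/636 free for any AD DS on the host
$sslPort   = 50001                       # assumed; LDAPS port for clients in the perimeter
$partition = 'CN=AppDirectory,DC=example,DC=com'   # assumed application partition

# Unattended answer file for adaminstall.exe. The schema this instance loads
# (MS-User.LDF) lives only in this instance, not in the AD DS forest schema.
$answer = @"
[ADAMInstall]
InstallType=Unique
InstanceName=$instance
LocalLDAPPortToListenOn=$ldapPort
LocalSSLPortToListenOn=$sslPort
NewApplicationPartitionToCreate="$partition"
DataFilesPath=C:\Program Files\Microsoft ADAM\$instance\data
LogFilesPath=C:\Program Files\Microsoft ADAM\$instance\data
ServiceAccount=
ServicePassword=
AddPermissionsToServiceAccount=No
ImportLDIFFiles="MS-User.LDF"
"@
$answerPath = Join-Path $env:TEMP 'adlds-answer.txt'
Set-Content -Path $answerPath -Value $answer -Encoding ASCII

& "$env:windir\ADAM\adaminstall.exe" /answer:$answerPath
Remove-Item $answerPath                  # answer files may carry credentials; do not leave them behind

# Verification: the instance is just a Windows service...
Get-Service "ADAM_$instance" | Format-Table Name, Status -AutoSize

# ...and answers LDAP on its own port with its own naming contexts,
# independent of any AD DS domain controller.
$rootDse = [ADSI]"LDAP://localhost:$ldapPort/RootDSE"
$rootDse.namingContexts
```

Repeating the script with a different instance name, port pair and partition gives a second, independent directory on the same server, which is the application-by-application model the text describes.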
Understanding Active Directory Lightweight Directory Services
Like AD DS, AD LDS instances are based on the Lightweight Directory Access Protocol (LDAP) and provide hierarchical database services. Unlike relational databases, LDAP directories are optimized for specific purposes and should be used whenever you need to rely on fast lookups of information that support given applications. Table 14-1 outlines the major differences between an LDAP directory and a relational database such as Microsoft SQL Server. This comparison helps you understand when to choose an LDAP directory in support of an application over a relational database.
Even though AD LDS is based on AD DS, it does not include all the features of AD DS.
Table 14-2 outlines the differences in features between AD LDS and AD DS.
As you can see from the contents of Table 14-2, there are several similarities and differences between AD LDS and AD DS. For example, it is easy to see why Exchange Server must integrate with AD DS rather than relying on AD LDS: Exchange Server needs access to the global catalog service to run. Without it, email users could not look up recipients. Because AD LDS does not support the global catalog, Exchange Server cannot rely on it.
However, Exchange Server is an application that needs access to directory information in every site of the domain or forest. As such, it also relies on your domain controller placement to ensure that every user can properly address emails.
AD LDS, however, provides much of the same functionality as AD DS. For example, you can create instances with replicas distributed in various locations in your network, just as with domain controllers, and then use multi-master replication to ensure data consistency. In short, AD LDS is a lightweight, portable, and more malleable version of the directory service offered by AD DS.