Active Directory Lightweight Directory Services (AD LDS) is a lightweight version of Active Directory Domain Services. This video provides an introduction to AD LDS and what it can and cannot do.
AD LDS
Active Directory Lightweight Directory Services (AD LDS) was originally a downloadable add-on to Windows Server called Active Directory Application Mode (ADAM). In Windows Server 2008 it became an additional role included in the operating system. AD LDS uses the same code as AD DS and thus provides much of the same functionality, but it is also flexible enough to offer additional options that are not possible using AD DS.
AD LDS Example
In this example, a user needs to access a web server. This web server has been placed on a perimeter network and separated from the internet and the internal network by a firewall. The web server needs to be able to authenticate users; however, for security reasons the company does not want to place a Domain Controller on the perimeter network. Rather than install a Domain Controller on the perimeter network, another option is to install AD LDS on the web server. Since it uses the same code base as a Domain Controller, it is able to authenticate users the same way a Domain Controller would. In order to achieve this, the user database is replicated from a Domain Controller on the internal network to the perimeter network. AD LDS also allows you to choose which data you want to replicate; for example, you could choose to replicate the user data but not the group data. AD LDS also supports additional data being added. This means additional data that the web server needs can be accessed through AD LDS, so this additional data does not need to be added to AD DS. This solution helps keep Active Directory secure and also
Differences between AD LDS and AD DS
AD LDS is designed more to run software than to run domains, so it is not a replacement for AD DS. It can run on a computer that is in a workgroup, does not require DNS and can also run on client operating systems like Windows 7 and 8. For this reason, it is a good choice for application support and for testing. For example, a developer can have their own install running on their client operating system and thus be able to make whatever changes they want, something that is not possible using a production domain. AD LDS supports multiple instances as well, so the administrator is free to create as many local copies as they wish. AD LDS does not support domain features like Group Policy, Global Catalog support and the ability to manage workstations. For this reason it cannot be used as a replacement for Domain Controllers. Even though these domain features are not available, AD LDS does support sites and replication. This means AD LDS installations can replicate data with each other and also with Domain Controllers; however, trusts are not supported, so this limits an AD LDS instance to working with only the one domain.
Differences between Directory Services and Databases
A directory service and a database work fundamentally differently. For this reason they tend to be used for different types of applications. Directory Services are hierarchy-based, allowing security to be applied to an object. If you want to add additional objects you need to change the schema. Changes to the schema cannot be undone after they have been made. Since Directory Services are hierarchical in nature, they can perform fast searches; for example, looking up a person in the Directory Service would be quite fast. Directory Services can be modified in multiple locations at the same time. If multiple changes are made at the same time, the last write performed will overwrite any previous writes.
A relational database, in comparison, offers faster write times than a directory service as the data is stored in rows and columns rather than a hierarchy. Data is locked before it is updated, so there is no chance that data will be changed in two locations at the same time. A relational database does not have a schema, so changes to the layout of the data can be made at any time. This includes the ability to reverse changes later.
Non-Permanent Schema Extensions
Administrators will often be hesitant to deploy software that makes schema changes to Active Directory. This is because once those changes are made, they cannot be undone. With AD LDS, each instance has its own schema, so what the administrator can do is create a separate instance for each application they want. The changes to the schema still cannot be undone once created; however, the administrator is able to remove the instance with the schema changes if it is no longer required. This prevents the scenario where an administrator changes the Active Directory Domain Services schema to run a particular application and later on the company decides to stop using that application. If the changes were made to Active Directory Domain Services, the administrator would be stuck with these changes even after the application had been removed from the network. With AD LDS, the instance can be removed when the application is removed.
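The per-application instance described here, and the perimeter-network deployment from the earlier example, can be scripted. The following is an added example, not code from the video or from IT Free Training: it installs the AD LDS role, creates an unattended instance with its own application partition and schema, and shows the removal command that takes the schema changes away with the instance. The instance name, ports, partition name and paths are assumptions; the feature name ADLDS is the Windows Server role name (client editions expose AD LDS as an optional feature instead).

```powershell
# Added example (not from the video). Provision a throw-away AD LDS instance for one
# application so its schema extensions never touch the AD DS schema.
# Requires local administrator rights only; no domain, DNS or enterprise rights.
Install-WindowsFeature -Name ADLDS

$instance  = 'AppDirectory'                       # assumed instance name
$partition = 'CN=AppData,DC=example,DC=com'       # assumed application partition DN
$answer    = Join-Path $env:TEMP "$instance-answer.txt"

# Unattended-install answer file. Non-default ports keep the instance from
# colliding with any other LDAP listener on the host (389/636 are the defaults).
@"
[ADAMInstall]
InstallType=Unique
InstanceName=$instance
LocalLDAPPortToListenOn=50000
LocalSSLPortToListenOn=50001
NewApplicationPartitionToCreate=$partition
DataFilesPath=C:\ADLDS\$instance\Data
LogFilesPath=C:\ADLDS\$instance\Logs
ImportLDIFFiles="MS-User.LDF"
"@ | Set-Content -Path $answer -Encoding ASCII

# Each AD LDS instance gets its own copy of the schema; extend this one freely.
& "$env:windir\ADAM\adaminstall.exe" /answer:$answer

# Confirm the instance is running as an ordinary Windows service.
Get-Service -Name "ADAM_$instance" | Select-Object Name, Status

# When the application is retired, remove the instance; the schema changes go with it.
# (Commented out so the script does not undo what it just built.)
# & "$env:windir\ADAM\adamuninstall.exe" /i:$instance
```

The answer file is written in ASCII because adaminstall.exe does not accept a UTF-8 byte-order mark at the start of the file.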
High Speed Access
By installing AD LDS on the same computer as the application, the performance of that application accessing the data in the directory service improves. If you were to put the data in the Active Directory database, in order to get a performance increase like this you would need to install the application on a Domain Controller. It is not recommended to install applications on a Domain Controller when it can be avoided.
Provide Authentication and Security
AD LDS can authenticate access like a Domain Controller can. For this reason, you can store additional data on the AD LDS server. This keeps it separate from the rest of the Domain data. For this reason, it is a good choice when you require application data on a secure network. Having the data on AD LDS means that it can be kept in one location and there is no chance that it will be replicated with the other domain data.
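The authentication described here, and in the perimeter web server example above, amounts to an LDAP bind against the local instance. The following is an added example, not code from the video or from IT Free Training, showing how an application on the AD LDS host would validate a user's credentials with a simple bind over SSL. The server name, port and user container are assumptions; the instance must already have a server certificate that the client trusts.

```powershell
# Added example (not from the video). Validate credentials against an AD LDS instance
# with an LDAP simple bind over SSL, the way a perimeter web application would.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-AdLdsCredential {
    param(
        [Parameter(Mandatory)] [string] $Server,        # e.g. 'web01.example.com' (assumed)
        [int] $Port = 50001,                            # assumed SSL port of the instance
        [Parameter(Mandatory)] [string] $UserDn,        # DN of the user object in AD LDS
        [Parameter(Mandatory)] [securestring] $Password
    )
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port, $false, $false)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    # A simple bind sends the password to the server, so it must only ever travel over SSL.
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
    $cred = [System.Net.NetworkCredential]::new($UserDn, $Password)
    try {
        $conn.Bind($cred)          # throws LdapException on bad credentials or a disabled account
        return $true
    } catch [System.DirectoryServices.Protocols.LdapException] {
        # Log the failure for the security team, but do not reveal the reason to the caller.
        Write-Verbose "Bind failed for $UserDn : $($_.Exception.Message)"
        return $false
    } finally {
        $conn.Dispose()
    }
}

# Usage (assumed values): prompt for the password rather than embedding it in a script.
$pw = Read-Host -Prompt 'Password' -AsSecureString
Test-AdLdsCredential -Server 'web01.example.com' `
    -UserDn 'CN=jsmith,CN=WebUsers,DC=example,DC=com' -Password $pw
```

The bind only proves the password; authorisation decisions should still read the user's group or attribute data from the instance afterwards.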
Used by Developers
Since AD LDS can be installed on client operating systems like Windows Vista, 7 and 8, it is a good choice for developers to use. The developer is free to install AD LDS on their desktop computer and does not require any access other than local administrator access. This allows the developer to make any changes they like without affecting the production network and without having to purchase additional server licenses.
AD LDS Summary
AD LDS should be considered as just another application running on the computer. For this reason, unlike Domain Controllers, it does not require additional services like DNS and there is no need to manage extra permissions like enterprise or domain administration rights. The user only requires local administrator rights. Since it is not a replacement for Domain Controllers, AD LDS does not support domain features like Global Catalog Server, Group Policy or the ability to add computers to a domain. The advantage of AD LDS is that it allows the administrator to deploy applications that require schema changes without changing the schema on their production network. This means that if the company decides to retire the application later on, to remove the schema changes they only need to remove the AD LDS instance.
See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.