
Introduction to Lightweight Directory Services

Lightweight Directory Services is a lightweight version of Active Directory Domain Services. This video provides an introduction to Lightweight Directory Services and what it can and cannot do.

Download the PDF handout: http://itfreetraining.com/handouts/adlds/adlds-intro.pdf

AD LDS

Active Directory Lightweight Directory Services (AD LDS) was originally a downloadable add-on to Windows Server called Active Directory Application Mode (ADAM). In Windows Server 2008 this became an additional role included in the operating system. AD LDS uses the same code as AD DS and thus provides some of the same functionality. As you will see, it provides a lot of the same functionality but is also flexible enough to offer additional options that are not possible using AD DS.

AD LDS Example

In this example, a user needs to access a web server. This web server has been placed on a perimeter network and is separated from the internet and the internal network by a firewall. The web server needs to be able to authenticate users; however, for security reasons the company does not want to place a Domain Controller on the perimeter network.

Rather than install a Domain Controller on the perimeter network, another option is to install AD LDS on the web server. Since it uses the same code base as a Domain Controller, it is able to authenticate users the same way a Domain Controller would. To achieve this, the user database is replicated from a Domain Controller on the commercial network to the perimeter network. AD LDS also allows you to choose which data you want to replicate; for example, you could choose to replicate the user data but not the group data.

AD LDS also supports adding additional data. This means that additional data the web server needs can be stored in and accessed through AD LDS, so it does not need to be added to AD DS. This solution helps keep Active Directory secure and also helps prevent extra data being added to the AD DS database.

Differences between AD LDS and AD DS

AD LDS is designed to run software rather than to run domains, so it is not a replacement for AD DS. It can run on a computer that is in a workgroup, does not require DNS, and can also run on client operating systems like Windows 7 and 8. For this reason, it is a good choice for application support and for testing. For example, a developer can have their own install running on their client operating system and thus be able to make whatever changes they want, something that is not possible using a production domain. AD LDS supports multiple instances as well, so the administrator is free to create as many local copies as they wish.

AD LDS does not support domain features like Group Policy, global catalog support and the ability to manage workstations. For this reason it cannot be used as a replacement for Domain Controllers. Even though these domain features are not available, AD LDS does support sites and replication. This means AD LDS installations can replicate data between each other and also with Domain Controllers; however, trusts are not supported, so this limits an AD LDS instance to working with only the one domain.

Differences between Directory Services and Databases

A directory service and a database work in fundamentally different ways. For this reason they tend to be used for different types of applications.

Directory Services are hierarchical, allowing security to be applied to an object. If you want to add additional objects you need to change the schema. Changes to the schema cannot be undone after they have been made. Since a Directory Service is hierarchical in nature, it can perform fast searches; for example, looking up a person in the Directory Service would be quite fast. Directory Services can be modified in multiple locations at the same time. If multiple changes are made at the same time, the last write performed will overwrite any previous writes.

A relational database, in comparison, offers faster write times than a directory service as the data is stored in rows and columns rather than a hierarchy. Data is locked before it is updated, so there is no chance that data will be changed in two locations at the same time. A relational database does not have a schema, so the layout of the data can be changed at any time. This includes the ability to reverse changes later on, which is not possible with a Directory Service.

For the rest of the description please see http://itfreetraining.com/adlds#intro

See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for our always free training videos. This is only one video from the many free courses available on YouTube.

References
"MCTS 70-640 Configuring Windows Server 2008 Active Directory Second edition" pg 731-741
"Active Directory Lightweight Directory Services Overview" http://technet.microsoft.com/en-us/library/hh831593.aspx
Text Comments (76)
Sridhar Vijay (17 days ago)
Since you have mentioned Single sign on, could you please explain the differences between ADLDS and ADFS? In the example you have given, can we use ADFS instead of ADLDS?
Danish Aziz (28 days ago)
nice one
itfreetraining (22 days ago)
Danish Aziz (28 days ago)
mill thnx
itfreetraining (22 days ago)
Thanks for watching!
Salih Aksan (2 months ago)
best explanation so far
itfreetraining (2 months ago)
Aleksandar Zivkovic (4 months ago)
great video ... informative and easy to follow. +1
GunnerDucker (7 months ago)
Great, high quality video!
itfreetraining (7 months ago)
Thank you!
kene. emma (9 months ago)
Sir, your lessons are really supporting my studies on MCSA, thank you
itfreetraining (9 months ago)
You're very welcome!
Gustavo Marano (10 months ago)
Microsoft... DELETE THIS STUPID IDEA! This is obsolete, not useful... only used to: object = computer / user / etc and domain = something.local... the rest of the attributes are a loss of time!... Does anyone know how to read attributes like Windows workstations do, but are a Pentagon secret?? E.g.: login user name, last name appear in the logon screen, but if I need to retrieve this data I need to install lots of additional components on the workstations. And stop with philosophy and put hand in the work with code, commands and the useful things.
Gustavo Marano (9 months ago)
You're welcome
itfreetraining (10 months ago)
Interesting opinion, thanks for sharing.
Technical Techs (1 year ago)
Great .. really good content and proper explanation in this video
kaushal jain (1 year ago)
Could you please share the link of reference book that you are using?
rajesh (1 year ago)
Shown video is very informative I appreciate your efforts. Could you please share a link of next video of ADLDS next part. Thank you !!!
Jay Lee (2 years ago)
Hi, great vids as usual. The link to the PDF file is a dead link. Can this be corrected please?
Ma ch (2 years ago)
Great way of explaining!
itfreetraining (2 years ago)
Thanks for your feedback! We're glad you enjoyed it!
Prashanth Shetkar (2 years ago)
Simply superb... nicely explained :)
itfreetraining (2 years ago)
Andrew Hill (2 years ago)
itfreetraining (2 years ago)
You're welcome!
Mahdi Tehrani (2 years ago)
Thanks for wonderful video.. Any plans for making other advanced concepts? I am waiting for SPN and Replication Tables. :)
James Sam (2 years ago)
Nice way of teaching
itfreetraining (2 years ago)
Thanks! We're glad you liked it.
pablo (3 years ago)
Excellent explanation. Nice, deep and clear voice makes listening really comfortable. Professional job. It was a pleasure to watch this video. Thank you. I only don't understand why it is safe to use LDS in a perimeter network. If I keep there the same users as in AD with their passwords, it also looks very dangerous. (I know, there is no additional info about GPOs, domains etc.) If a hacker would get my ntds.dit file he could log on to every user's account (also administrator). Probably we don't need to copy all user objects to LDS, but still some important accounts are exposed to the danger of hacking attempts. Maybe I'm wrong, but passing these authentication requests from the WEB server through the next firewall into the internal network to e.g. an RODC (allowed to keep passwords for the web users group) seems to be more secure.
Dan Adrian Nichifor (3 years ago)
Good work excellent job
itfreetraining (3 years ago)
+Dan Adrian Nichifor Thanks!
Abu Abdullah (3 years ago)
where i can find the other videos that are related to this subject.
freshuser191919 (3 years ago)
what a superb way to explain and teach. The best explanation ... Thank you so much for your help . .. I have understood the AD LDS within 15 minutes which was being confusion for me for days... (Y)
itfreetraining (3 years ago)
Thank you very much!
freshuser191919 (3 years ago)
keep up the good work dear.. stay blessed ! :) 
itfreetraining (3 years ago)
+freshuser191919 You're most welcome! Thanks for watching.
Marius Grecu (3 years ago)
You are awesome. Oh, and for the ones who are watching this and using adblock, please pause/disable it when watching. We need to support these guys.
itfreetraining (3 years ago)
+Marius Grecu Thank you very much! We appreciate the call for action. Our ads are non-obtrusive and won't give you any viruses. ;)
Walter Ayala (3 years ago)
Excellent! Great way to explain it. Thank you!
itfreetraining (3 years ago)
+Walter Ayala You're welcome. Thanks for watching.
Gopal Roy (3 years ago)
indeed brilliant explanation....
itfreetraining (3 years ago)
+Gopal Roy Thanks!
Bc.Sang (3 years ago)
Can I ask for the link to the next video, please?
Colbert Philippe (3 years ago)
Something is still not clear to me.   Can Lightweight Directory Service create a small domain controller?
itfreetraining (3 years ago)
+Colbert Philippe Think of it as a Domain Controller with fewer features. It is mainly for authentication. It does not support features like Group Policy. So can AD LDS be used to create a domain? No, it cannot, as it does not have enough features.
Subhajit Mitra (3 years ago)
Awesome explanation!!!!!! :)
itfreetraining (3 years ago)
+subhajit mitra Thanks!
Paulo Cabral (4 years ago)
Where is the next video?
Alessandro Squeo (5 years ago)
Is there a way to search and find all the ADLDS servers in the environment.  I'm in a large Enterprise with over 70,000 users and there are several Apps that use AD/LDS.  Yet the current IT staff does not know how many servers/Instances of ADLDS are in the environment.  I was wondering if you know of a way to query AD or the Network to find such servers with such service?  Thanks again for the great videos.
itfreetraining (5 years ago)
I don't think you would be able to find them by querying the AD database as the computer storing the AD LDS does not need to be in the domain. I would suggest using some auditing software to find out if the role is installed on the computer.
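An agentless way to take that inventory, as an added example that is not part of the video or of either comment above: an LDAP server states in its rootDSE whether it is running as AD LDS or AD DS, so a list of hosts you administer can be classified without their being domain members. The host names are hypothetical placeholders; the ports are the AD LDS setup wizard defaults (389, or 50000 when 389 is already taken), which is an assumption about how the instances were installed.

```powershell
# Added example: classify LDAP endpoints by the capability OIDs in their rootDSE.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$AdLdsOid = '1.2.840.113556.1.4.1851'  # advertised when the server runs as AD LDS (ADAM)
$AdDsOid  = '1.2.840.113556.1.4.800'   # advertised when the server runs as AD DS

function Get-LdapDirectoryType {
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 389)

    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
    $conn.Timeout  = [TimeSpan]::FromSeconds(5)
    try {
        # A base-scope search on the empty DN returns the rootDSE.
        $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
            '', '(objectClass=*)',
            [System.DirectoryServices.Protocols.SearchScope]::Base,
            [string[]]@('supportedCapabilities'))
        $resp = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($req)
        $attr = $resp.Entries[0].Attributes['supportedCapabilities']
        $caps = if ($attr) { @($attr.GetValues([string])) } else { @() }
        $type = if     ($caps -contains $AdLdsOid) { 'AD LDS' }
                elseif ($caps -contains $AdDsOid)  { 'AD DS' }
                else                               { 'Other LDAP' }
    } catch {
        # Closed port, filtered host, or a server that refuses the anonymous read.
        $type = 'No LDAP answer'
    } finally {
        $conn.Dispose()
    }
    [pscustomobject]@{ Server = $Server; Port = $Port; Type = $type }
}

# Hypothetical host list; replace with an export from your asset inventory.
$servers = 'app01.example.test', 'web02.example.test'
$ports   = 389, 50000
foreach ($s in $servers) {
    foreach ($p in $ports) { Get-LdapDirectoryType -Server $s -Port $p }
}
```

An instance installed on a non-default port will not be found this way; on the host itself, each instance runs as a Windows service whose name starts with ADAM_.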
Ragrik (5 years ago)
Nice! Like it
itfreetraining (5 years ago)
Thanks very much.
Asim (5 years ago)
AWESOME video. Beautiful explanation and easy to understand. ITFREETRAINING ROCKS!!!!
itfreetraining (5 years ago)
Thanks very much.
itfreetraining (5 years ago)
Thanks very much and thanks for watching..
manoj sharma (5 years ago)
nicely explained, superb quality of contents, appreciate your valuable presentation!
pants (5 years ago)
Yeah, so I contacted the company through their website and got some information. They installed it after installing the OS. So I won't be doing that^^ Thanks for the reply though.
itfreetraining (5 years ago)
No problem at all. Thanks very much for watching.
itfreetraining (5 years ago)
It is under /adlds. We are working on finishing the coding for the new course layout so there may be a delay getting the videos on the web site till we finish coding it. Once it is done you will be able to find videos very quickly and customize which videos you see depending on which course or operating system you want to watch.
itfreetraining (5 years ago)
What do you mean by resetting the computer? Do you mean re-installing the operating system using the original DVDs? If they are restore DVDs then the company may have included Microsoft Office with the install. However they may have also installed it afterwards. Have a look at what DVDs came with the computer. Microsoft Word is not part of Windows and thus it needs to be installed afterwards. How, that depends on what DVDs were shipped to you with the computer.
pants (5 years ago)
So, this doesn't relate to the video but I need an answer! When I bought my computer, it came with Microsoft Office. If I do a factory reset of my computer (backing up files such as Music, Videos, etc. manually), will it start with Microsoft Word automatically or will it be the bare Windows 7? This is the reason why I am scared to reset my computer. (Also, where exactly do I reset my computer, also, is my logic behind how this works correct?) I am doing this in hope of my computer running faster
Ahmed ETTAHIRI (5 years ago)
thanks a lot.....but why don't those last videos you publish appear on your site
Vicky Pradhan (5 years ago)
thank you so much for providing good content and it is very easy to understand.
itfreetraining (5 years ago)
Thanks. Glad to hear that you have found the videos useful.
itfreetraining (5 years ago)
No problem at all, thanks for watching.
itfreetraining (5 years ago)
Thanks very much.
itfreetraining (5 years ago)
thanks very much and thanks for watching.
itfreetraining (5 years ago)
Thanks very much and thanks for watching.
Randolph welch (5 years ago)
Thank you very much Sir you are the best thanks for bringing this. You are always clear and precise about all of your course
Adam Werner (5 years ago)
Thank you! These videos are awesome and a very valuable resource.
Dark Defender (5 years ago)
thanks for that itfreetraining, keep up with the vids.
Unleashmywealth (5 years ago)
Thank you, Sir - you can not imagine what a great help you've been to us!! Keep it rocking and be safe!!
itfreetraining (5 years ago)
AD LDS is a role in Windows Server 2012/2008. So you add it using Server Manager. In Windows Server 2003 it was an add-on called ADAM which was a free download. It does not cost anything to use assuming you own Windows Servers or a client operating system. In Windows 8 it is a feature that you add to the operating system. I assume Windows 7 is the same, otherwise it is just a free download from Microsoft.
Dark Defender (5 years ago)
can I download the AD LDS from Microsoft website? and how much will it cost?
itfreetraining (5 years ago)
No problem at all. Thanks for watching.
Anil Nembang (5 years ago)
Thank you IT free training
