Solved

AD QUERY3

Posted on 2011-03-08
Last Modified: 2012-05-11
I have a query regarding AD LDS and AD DS: I cannot find the difference. Please tell me in easy language. I am not very good at administration. The language used in technical information is very difficult; please tell me in understandable language.

Microsoft Active Directory Lightweight Directory Services (AD LDS) is an independent mode of Active Directory that provides dedicated directory services for applications.

Active Directory Domain Services

Active Directory Domain Services (AD DS), formerly known as Active Directory Directory Services, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location.

Question by:kunalclk
6 Comments
 
LVL 11

Assisted Solution

by:RickSheikh
RickSheikh earned 200 total points
ID: 35078936
AD LDS (formerly ADAM) is a lightweight LDAP instance that is used for development. It is kind of like having AD without group policies, DNS, or Domain Controllers.

AD DS is the authentication/authorization directory (commonly known as Active Directory) for a distributed networked environment.
0
 
LVL 2

Author Comment

by:kunalclk
ID: 35079530
Oh! AD LDS is a type of AD; then what is the use of it if we cannot apply the features that are in AD? You said it is for authentication and authorization, so why do we not use AD there? I cannot understand "distributed environment". Is it something like a WAN connection where we require an instant connection to the directory for authorization and authentication? How does AD LDS provide dedicated directory services? Was ADAM used in 2003 servers? Why has it been changed, and what are the new features in AD LDS?
0
 
LVL 13

Expert Comment

by:connectex
ID: 35079889
Most directory services technologies (Microsoft Active Directory, Novell eDirectory) are based on the X.500 standard. LDAP was designed to standardize and simplify directory services access. Here are a couple of articles on X.500 - http://en.wikipedia.org/wiki/X.500 and LDAP - http://en.wikipedia.org/wiki/LDAP
0
 
LVL 2

Author Comment

by:kunalclk
ID: 35080691
I was asking about AD LDS; however, connectex, since you are relating it to LDAP, I can only understand that it is a protocol for managing directories in any network. However, the schema concept is now clear to me, thanks to connectex. It would be great, now that you have started on X.500, if you could explain this X.500 statement: "X.500 is a series of computer networking standards covering electronic directory services." I also found this statement difficult: "The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which is distributed across one or more servers, called Directory System Agents (DSA). An entry consists of a set of attributes, each attribute with one or more values. Each entry has a unique Distinguished Name, formed by combining its Relative Distinguished Name (RDN), one or more attributes of the entry itself, and the RDNs of each of the superior entries up to the root of the DIT. As LDAP implements a very similar data model to that of X.500, there is further description of the data model in the article on LDAP."
Please tell me why, in Exchange, in the properties list we see X.500 instead of LDAP, if still X.500.

0
 
LVL 13

Accepted Solution

by:
connectex earned 1800 total points
ID: 35083635
"The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which is distributed across one or more servers, called Directory System Agents (DSA)."

Prior to X.500-based directories, information was typically stored on a single server. NetWare 3.x is a great example. It stored all the user information on each server. Therefore, if you needed access to three different servers, the administrators had to create a user account for you on each server, and update/delete them as needed. What a pain in the butt. X.500 changed this, as now one user account can grant access to multiple servers and we no longer have the redundant entries to maintain or clean up. In the Microsoft realm DSAs are called Domain Controllers (DCs). DCs store all the Active Directory information for a domain. They synchronize the information to the other DCs within a domain so there are additional copies in the event of a server failure and to provide DC services locally for a multi-site network.

"An entry consists of a set of attributes, each attribute with one or more values"

Remember X.500 is a concept / guidance, not an exact design / deployment. The best way to explain X.500 is that it's an inverted tree via a series of objects. Object types are defined by a schema (examples are user, group, organizational unit). Each object type has one or more attributes that the object can hold. An attribute is a piece of information it can track. An example of an attribute would be last name. A value would be the data stored in an attribute for a particular object. For example, Smith for this user's last name. The schema defines what type of information each attribute can hold (alphanumeric in this case). It may also define a size limit (i.e. up to 30 characters). The schema can be updated to add new objects or expand on existing objects. Microsoft Exchange uses schema updates to add its necessary objects. It adds the routing group object and extends the user object to store mail-related attributes. Objects are either containers or leaves. Containers can hold other objects (organizational units are the best example). A leaf is an end object (user or group). This is very similar to a file system's folders and files.

"Each entry has a unique Distinguished Name, formed by combining its Relative Distinguished Name (RDN), one or more attributes of the entry itself, and the RDNs of each of the superior entries up to the root of the DIT"

Distinguished Name (DN) is an object's name in the tree structure. It may be unique for the entire directory tree. The DN is typically the name you use to manage it. JSmith for the user mentioned earlier. The Relative Distinguished Name is the complete path to find this object. For this example it's CN=JSmith.OU=Sales.OU=Midwest.OU=Contoso. This means JSmith (John Smith). CN is for Common Name and OU for Organizational Unit. So JSmith's user object is in the Sales OU, which is in the Midwest OU, which is in the Contoso OU. It's actually again like a complete file system path, but only backwards.
0
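
The naming scheme discussed in this thread, as an added example that is not part of any poster's answer: a small Python parser for the LDAP string form of a distinguished name (RFC 4514), where components are separated by commas, the full string is the entry's DN and its leftmost component is the RDN. The sample DNs are constructed (the first is the thread's JSmith entry written with commas) and the function names are this example's own; it handles escaped separators, which a plain split on "," misreads when DNs are compared or parsed out of logs.

```python
# Added example: split an RFC 4514 DN string into RDNs, honouring escapes.
import re

def _split_unescaped(text, sep):
    """Split on sep, skipping separators that are backslash-escaped."""
    parts, buf, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf += text[i:i + 2]          # keep the escape for later decoding
            i += 2
        elif text[i] == sep:
            parts.append(buf)
            buf = ""
            i += 1
        else:
            buf += text[i]
            i += 1
    return parts + [buf]

def _unescape(value):
    """Decode \\XX hex pairs (UTF-8 bytes) and \\<char> escapes."""
    def repl(m):
        tok = m.group(1)
        return bytes([int(tok, 16)]) if len(tok) == 2 else tok
    return re.sub(rb"\\([0-9A-Fa-f]{2}|.)", repl, value.encode()).decode()

def parse_dn(dn):
    """Return RDNs leaf-first; each RDN is a list of (type, value) pairs."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):   # "+" joins a multi-valued RDN
            attr, eq, raw = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            avas.append((attr.strip().upper(), _unescape(raw)))
        rdns.append(avas)
    return rdns

def path_from_root(dn):
    """Render the entry's location root-first, like a file system path."""
    return "/".join("+".join(v for _, v in rdn) for rdn in reversed(parse_dn(dn)))

# Constructed samples: the thread's JSmith entry in comma form, and an escaped DN.
SAMPLE = "CN=JSmith,OU=Sales,OU=Midwest,OU=Contoso"
ESCAPED = r"CN=Smith\, John,OU=Sales\2C East,DC=example,DC=com"
```
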
 
LVL 2

Author Closing Comment

by:kunalclk
ID: 35174072
Thnx
rajarshivp@gmail.com
0
