• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 295
  • Last Modified:

AD QUERY3

I have a query in regards to the (AD LDS) and (AD DS) cannot find the difference. Please tell in a easy language. I am not very good in Administration. The languages used in Technical information is very difficult please tell in understanding language.

Microsoft Active Directory Lightweight Directory Services (AD LDS) is an independent mode of Active Directory that provides dedicated directory services for applications.

Active Directory Domain Services

Active Directory Domain Services (AD DS), formerly known as Active Directory Directory Services, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location.

0
kunalclk
Asked:
kunalclk
  • 3
  • 2
2 Solutions
 
RickSheikhCommented:
AD LDS (or formerly ADAM) is a light weight LDAP instance that is used for development. It is kind of like having AD without group policies, DNS, Domain Controllers.

ADDS is authentication/authorization directory (commonly known as Active Directory) for a distributed networked environment.
0
 
kunalclkAuthor Commented:
Oh! AD LDS is a type of AD then what is the use of it if we cannot apply features that in AD? You said it is for authentication and authorization, then why do we not use AD there. Distributed environment I cannot understand? Is it something like WAN connection where we require instant connection to the directory for authorization and authentication? How the AD LDS provides dedicated Directory Services? Was ADAM used in 2003 servers why has it been changed what are new features in AD LDS?
0
 
connectexCommented:
Most directory services technologies (Microsoft Active Directory, Novell eDirectory) are based on the x.500 standard. LDAP was a designed to standardize and simplify directory services access. Here's a couple articles on X.500 - http://en.wikipedia.org/wiki/X.500 and LDAP - http://en.wikipedia.org/wiki/LDAP
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
kunalclkAuthor Commented:
I was asking about ad lds however connectex since you are relating to the LDAP then I can only understand it is a protocol for managing directories in any network. However I was cleared with schema concept thanx to this connectex. However it will be great now that you have started x.500 please tell x.500 statement X.500 is a series of computer networking standards covering electronic directory services. I also found this statement difficult"The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which is distributed across one or more servers, called Directory System Agents (DSA). An entry consists of a set of attributes, each attribute with one or more values. Each entry has a unique Distinguished Name, formed by combining its Relative Distinguished Name  (RDN), one or more attributes of the entry itself, and the RDNs of each of the superior entries up to the root of the DIT. As LDAP implements a very similar data model to that of X.500, there is further description of the data model in the article on LDAP."
Please tell me why in exchange at properties list we see x.500 instead on LDAP if still x.500.

0
 
connectexCommented:
"The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which is distributed across one or more servers, called Directory System Agents (DSA)."

Prior to X.500 based directories information was typically stored on a single server. NetWare 3.x is a great example. It stored all the user information on each server. Therefore if you needed access to three different servers the administrators have to create you a user account on each server. And update/delete them as needed. What a pain in the butt. X.500 changed this as now one user account can grant access to multiple servers and we no longer have the redundant entries to maintain or cleanup. In the Microsoft realm DSAs are called Domain Controllers (DCs). DCs store the all the Active Directory information for a domain. The sychronize the information to the other DCs within a domain so there's a additional copies in the event of a server failure and to provide DC services locally for a multi-site network.

"An entry consists of a set of attributes, each attribute with one or more values"

Remember X.500 is a concept / guidance not an exact design / deployment. The best way to explain X.500 is it's an inverted tree via series of objects. Object types are defined by a schema (example are user, group, organizational unit). Each object type has one of more attributes that the object can hold. An attribute is a piece of information it can track. An example of an attribute would be last name. A value would be the data stored in an attribute for a particular object. For example Smith for this user's last name. The schema defines what type of information each attribute can hold (alphanumberic in this case). It may also define a size limit (i.e. up to 30 characters). The schema can be updated to add new objects or expand on existing objects. Microsoft Exchange uses schema updates to add it's necessary objects. It adds the routing group object and extends the user object to store mail related attributes. Objects are either containers or leafs. Containers can hold other objects (organization units are the best example). A leaf is an end object (user or group). This is very similiar to file system's folders and files.

"Each entry has a unique Distinguished Name, formed by combining its Relative Distinguished Name  (RDN), one or more attributes of the entry itself, and the RDNs of each of the superior entries up to the root of the DIT"

Distinguished Name (DN) is an object's name in the tree structure. It may be unique for the entire directory tree. The DN is typically the name you use to manage it. JSmith for the user mentioned earlier. The Relative Distinguished Name is the complete path to find this object. For this example it's CN=JSmith.OU=Sales.OU=Midwest.OU=Contoso. This means JSmith (John Smith). CN is for Common Name and OU for Organizational Unit. So the JSmith's user object is in Sales OU which is in the Midwest OU, which is in the Contoso OU. It's actually again like a complete file system path but only backwards.
0
 
kunalclkAuthor Commented:
Thnx
rajarshivp@gmail.com
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now