Solved

AD QUERY3

Posted on 2011-03-08
Last Modified: 2012-05-11
I have a query regarding AD LDS and AD DS; I cannot find the difference. Please explain in easy language. I am not very good at administration. The language used in technical information is very difficult; please explain in understandable language.

Microsoft Active Directory Lightweight Directory Services (AD LDS) is an independent mode of Active Directory that provides dedicated directory services for applications.

Active Directory Domain Services

Active Directory Domain Services (AD DS), formerly known as Active Directory Directory Services, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location.

0
Comment
Question by:kunalclk
6 Comments
 
LVL 11

Assisted Solution

by:RickSheikh
RickSheikh earned 50 total points
ID: 35078936
AD LDS (formerly ADAM) is a lightweight LDAP instance that is used for development. It is kind of like having AD without group policies, DNS, or Domain Controllers.

AD DS is an authentication/authorization directory (commonly known as Active Directory) for a distributed networked environment.
0
 
LVL 2

Author Comment

by:kunalclk
ID: 35079530
Oh! AD LDS is a type of AD; then what is the use of it if we cannot apply the features that are in AD? You said it is for authentication and authorization, then why do we not use AD there? Distributed environment I cannot understand. Is it something like a WAN connection where we require instant connection to the directory for authorization and authentication? How does AD LDS provide dedicated directory services? Was ADAM used in 2003 servers? Why has it been changed, and what are the new features in AD LDS?
0
 
LVL 13

Expert Comment

by:connectex
ID: 35079889
Most directory services technologies (Microsoft Active Directory, Novell eDirectory) are based on the X.500 standard. LDAP was designed to standardize and simplify directory services access. Here are a couple of articles on X.500 - http://en.wikipedia.org/wiki/X.500 and LDAP - http://en.wikipedia.org/wiki/LDAP
0
 
LVL 2

Author Comment

by:kunalclk
ID: 35080691
I was asking about AD LDS; however, connectex, since you are relating it to LDAP, I can only understand that it is a protocol for managing directories in any network. However, I am now clear on the schema concept, thanks to this, connectex. However, it would be great, now that you have started on X.500, if you could please explain the X.500 statement: "X.500 is a series of computer networking standards covering electronic directory services." I also found this statement difficult: "The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which is distributed across one or more servers, called Directory System Agents (DSA). An entry consists of a set of attributes, each attribute with one or more values. Each entry has a unique Distinguished Name, formed by combining its Relative Distinguished Name  (RDN), one or more attributes of the entry itself, and the RDNs of each of the superior entries up to the root of the DIT. As LDAP implements a very similar data model to that of X.500, there is further description of the data model in the article on LDAP."
Please tell me why in Exchange, in the properties list, we see X.500 instead of LDAP, if still X.500.

0
 
LVL 13

Accepted Solution

by:connectex
connectex earned 450 total points
ID: 35083635
"The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which is distributed across one or more servers, called Directory System Agents (DSA)."

Prior to X.500-based directories, information was typically stored on a single server. NetWare 3.x is a great example. It stored all the user information on each server. Therefore, if you needed access to three different servers, the administrators had to create a user account for you on each server, and update/delete them as needed. What a pain in the butt. X.500 changed this, as now one user account can grant access to multiple servers and we no longer have the redundant entries to maintain or clean up. In the Microsoft realm, DSAs are called Domain Controllers (DCs). DCs store all the Active Directory information for a domain. They synchronize the information to the other DCs within a domain so there are additional copies in the event of a server failure and to provide DC services locally for a multi-site network.

"An entry consists of a set of attributes, each attribute with one or more values"

Remember, X.500 is a concept / guidance, not an exact design / deployment. The best way to explain X.500 is that it's an inverted tree via a series of objects. Object types are defined by a schema (examples are user, group, organizational unit). Each object type has one or more attributes that the object can hold. An attribute is a piece of information it can track. An example of an attribute would be last name. A value would be the data stored in an attribute for a particular object, for example Smith for this user's last name. The schema defines what type of information each attribute can hold (alphanumeric in this case). It may also define a size limit (i.e. up to 30 characters). The schema can be updated to add new objects or expand on existing objects. Microsoft Exchange uses schema updates to add its necessary objects. It adds the routing group object and extends the user object to store mail-related attributes. Objects are either containers or leaves. Containers can hold other objects (organizational units are the best example). A leaf is an end object (user or group). This is very similar to a file system's folders and files.

"Each entry has a unique Distinguished Name, formed by combining its Relative Distinguished Name  (RDN), one or more attributes of the entry itself, and the RDNs of each of the superior entries up to the root of the DIT"

Distinguished Name (DN) is an object's name in the tree structure. It may be unique for the entire directory tree. The DN is typically the name you use to manage it: JSmith for the user mentioned earlier. The Relative Distinguished Name is the complete path to find this object. For this example it's CN=JSmith.OU=Sales.OU=Midwest.OU=Contoso. This means JSmith (John Smith). CN is for Common Name and OU for Organizational Unit. So JSmith's user object is in the Sales OU, which is in the Midwest OU, which is in the Contoso OU. It's actually again like a complete file system path, but only backwards.
0
 
LVL 2

Author Closing Comment

by:kunalclk
ID: 35174072
Thanks
rajarshivp@gmail.com
0
