Solved

AD QUERY3

Posted on 2011-03-08
6
268 Views
Last Modified: 2012-05-11
I have a query in regards to the (AD LDS) and (AD DS) cannot find the difference. Please tell in a easy language. I am not very good in Administration. The languages used in Technical information is very difficult please tell in understanding language.

Microsoft Active Directory Lightweight Directory Services (AD LDS) is an independent mode of Active Directory that provides dedicated directory services for applications.

Active Directory Domain Services

Active Directory Domain Services (AD DS), formerly known as Active Directory Directory Services, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location.

0
Comment
Question by:kunalclk
  • 3
  • 2
6 Comments
 
LVL 11

Assisted Solution

by:RickSheikh
RickSheikh earned 50 total points
Comment Utility
AD LDS (or formerly ADAM) is a light weight LDAP instance that is used for development. It is kind of like having AD without group policies, DNS, Domain Controllers.

ADDS is authentication/authorization directory (commonly known as Active Directory) for a distributed networked environment.
0
 
LVL 2

Author Comment

by:kunalclk
Comment Utility
Oh! AD LDS is a type of AD then what is the use of it if we cannot apply features that in AD? You said it is for authentication and authorization, then why do we not use AD there. Distributed environment I cannot understand? Is it something like WAN connection where we require instant connection to the directory for authorization and authentication? How the AD LDS provides dedicated Directory Services? Was ADAM used in 2003 servers why has it been changed what are new features in AD LDS?
0
 
LVL 13

Expert Comment

by:connectex
Comment Utility
Most directory services technologies (Microsoft Active Directory, Novell eDirectory) are based on the x.500 standard. LDAP was a designed to standardize and simplify directory services access. Here's a couple articles on X.500 - http://en.wikipedia.org/wiki/X.500 and LDAP - http://en.wikipedia.org/wiki/LDAP
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 2

Author Comment

by:kunalclk
Comment Utility
I was asking about ad lds however connectex since you are relating to the LDAP then I can only understand it is a protocol for managing directories in any network. However I was cleared with schema concept thanx to this connectex. However it will be great now that you have started x.500 please tell x.500 statement X.500 is a series of computer networking standards covering electronic directory services. I also found this statement difficult"The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which is distributed across one or more servers, called Directory System Agents (DSA). An entry consists of a set of attributes, each attribute with one or more values. Each entry has a unique Distinguished Name, formed by combining its Relative Distinguished Name  (RDN), one or more attributes of the entry itself, and the RDNs of each of the superior entries up to the root of the DIT. As LDAP implements a very similar data model to that of X.500, there is further description of the data model in the article on LDAP."
Please tell me why in exchange at properties list we see x.500 instead on LDAP if still x.500.

0
 
LVL 13

Accepted Solution

by:
connectex earned 450 total points
Comment Utility
"The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which is distributed across one or more servers, called Directory System Agents (DSA)."

Prior to X.500 based directories information was typically stored on a single server. NetWare 3.x is a great example. It stored all the user information on each server. Therefore if you needed access to three different servers the administrators have to create you a user account on each server. And update/delete them as needed. What a pain in the butt. X.500 changed this as now one user account can grant access to multiple servers and we no longer have the redundant entries to maintain or cleanup. In the Microsoft realm DSAs are called Domain Controllers (DCs). DCs store the all the Active Directory information for a domain. The sychronize the information to the other DCs within a domain so there's a additional copies in the event of a server failure and to provide DC services locally for a multi-site network.

"An entry consists of a set of attributes, each attribute with one or more values"

Remember X.500 is a concept / guidance not an exact design / deployment. The best way to explain X.500 is it's an inverted tree via series of objects. Object types are defined by a schema (example are user, group, organizational unit). Each object type has one of more attributes that the object can hold. An attribute is a piece of information it can track. An example of an attribute would be last name. A value would be the data stored in an attribute for a particular object. For example Smith for this user's last name. The schema defines what type of information each attribute can hold (alphanumberic in this case). It may also define a size limit (i.e. up to 30 characters). The schema can be updated to add new objects or expand on existing objects. Microsoft Exchange uses schema updates to add it's necessary objects. It adds the routing group object and extends the user object to store mail related attributes. Objects are either containers or leafs. Containers can hold other objects (organization units are the best example). A leaf is an end object (user or group). This is very similiar to file system's folders and files.

"Each entry has a unique Distinguished Name, formed by combining its Relative Distinguished Name  (RDN), one or more attributes of the entry itself, and the RDNs of each of the superior entries up to the root of the DIT"

Distinguished Name (DN) is an object's name in the tree structure. It may be unique for the entire directory tree. The DN is typically the name you use to manage it. JSmith for the user mentioned earlier. The Relative Distinguished Name is the complete path to find this object. For this example it's CN=JSmith.OU=Sales.OU=Midwest.OU=Contoso. This means JSmith (John Smith). CN is for Common Name and OU for Organizational Unit. So the JSmith's user object is in Sales OU which is in the Midwest OU, which is in the Contoso OU. It's actually again like a complete file system path but only backwards.
0
 
LVL 2

Author Closing Comment

by:kunalclk
Comment Utility
Thnx
rajarshivp@gmail.com
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now