Solved

AD QUERY3

Posted on 2011-03-08
Last Modified: 2012-05-11
I have a query regarding AD LDS and AD DS: I cannot find the difference. Please explain in easy language. I am not very good at administration. The language used in technical information is very difficult; please explain in understandable language.

Microsoft Active Directory Lightweight Directory Services (AD LDS) is an independent mode of Active Directory that provides dedicated directory services for applications.

Active Directory Domain Services

Active Directory Domain Services (AD DS), formerly known as Active Directory Directory Services, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location.

Question by:kunalclk
6 Comments
 
LVL 11

Assisted Solution

by:RickSheikh
RickSheikh earned 50 total points
ID: 35078936
AD LDS (formerly ADAM) is a lightweight LDAP instance that is used for development. It is kind of like having AD without group policies, DNS, or Domain Controllers.

AD DS is the authentication/authorization directory (commonly known as Active Directory) for a distributed networked environment.
 
LVL 2

Author Comment

by:kunalclk
ID: 35079530
Oh! AD LDS is a type of AD; then what is the use of it if we cannot apply the features that are in AD? You said it is for authentication and authorization, so why do we not use AD there? I cannot understand "distributed environment". Is it something like a WAN connection where we require an instant connection to the directory for authorization and authentication? How does AD LDS provide dedicated directory services? Was ADAM used in 2003 servers? Why has it been changed, and what are the new features in AD LDS?
 
LVL 13

Expert Comment

by:connectex
ID: 35079889
Most directory services technologies (Microsoft Active Directory, Novell eDirectory) are based on the X.500 standard. LDAP was designed to standardize and simplify directory services access. Here are a couple of articles on X.500 - http://en.wikipedia.org/wiki/X.500 and LDAP - http://en.wikipedia.org/wiki/LDAP
 
LVL 2

Author Comment

by:kunalclk
ID: 35080691
I was asking about AD LDS; however, connectex, since you are relating it to LDAP, I can only understand that it is a protocol for managing directories in any network. However, the schema concept became clear to me thanks to this, connectex. Now that you have started on X.500, it would be great if you could explain the X.500 statement "X.500 is a series of computer networking standards covering electronic directory services." I also found this statement difficult: "The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which is distributed across one or more servers, called Directory System Agents (DSA). An entry consists of a set of attributes, each attribute with one or more values. Each entry has a unique Distinguished Name, formed by combining its Relative Distinguished Name (RDN), one or more attributes of the entry itself, and the RDNs of each of the superior entries up to the root of the DIT. As LDAP implements a very similar data model to that of X.500, there is further description of the data model in the article on LDAP."
Please tell me why in Exchange, in the properties list, we see X.500 instead of LDAP, if it is still X.500.

 
LVL 13

Accepted Solution

by:
connectex earned 450 total points
ID: 35083635
"The primary concept of X.500 is that there is a single Directory Information Tree (DIT), a hierarchical organization of entries which is distributed across one or more servers, called Directory System Agents (DSA)."

Prior to X.500-based directories, information was typically stored on a single server. NetWare 3.x is a great example. It stored all the user information on each server. Therefore, if you needed access to three different servers, the administrators had to create a user account for you on each server, and update/delete them as needed. What a pain in the butt. X.500 changed this, as now one user account can grant access to multiple servers and we no longer have the redundant entries to maintain or clean up. In the Microsoft realm, DSAs are called Domain Controllers (DCs). DCs store all the Active Directory information for a domain. They synchronize the information to the other DCs within a domain so there are additional copies in the event of a server failure and to provide DC services locally for a multi-site network.

"An entry consists of a set of attributes, each attribute with one or more values"

Remember X.500 is a concept / guidance, not an exact design / deployment. The best way to explain X.500 is that it's an inverted tree made of a series of objects. Object types are defined by a schema (examples are user, group, organizational unit). Each object type has one or more attributes that the object can hold. An attribute is a piece of information it can track. An example of an attribute would be last name. A value would be the data stored in an attribute for a particular object. For example, Smith for this user's last name. The schema defines what type of information each attribute can hold (alphanumeric in this case). It may also define a size limit (i.e. up to 30 characters). The schema can be updated to add new objects or expand on existing objects. Microsoft Exchange uses schema updates to add its necessary objects. It adds the routing group object and extends the user object to store mail-related attributes. Objects are either containers or leaves. Containers can hold other objects (organizational units are the best example). A leaf is an end object (user or group). This is very similar to a file system's folders and files.

"Each entry has a unique Distinguished Name, formed by combining its Relative Distinguished Name  (RDN), one or more attributes of the entry itself, and the RDNs of each of the superior entries up to the root of the DIT"

Distinguished Name (DN) is an object's name in the tree structure. It may be unique for the entire directory tree. The DN is typically the name you use to manage it: JSmith for the user mentioned earlier. The Relative Distinguished Name is the complete path to find this object. For this example it's CN=JSmith.OU=Sales.OU=Midwest.OU=Contoso. This means JSmith (John Smith). CN is for Common Name and OU for Organizational Unit. So JSmith's user object is in the Sales OU, which is in the Midwest OU, which is in the Contoso OU. It's actually again like a complete file system path, but only backwards.
0
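The quoted X.500 definition above (a DN is the entry's own RDN followed by the RDNs of each superior entry up to the root), as an added Python example that is not part of the original thread. It parses the comma-separated DN string form of RFC 4514, renders the path root-first like a file path, and checks container membership RDN by RDN, because a plain string suffix test is fooled by an escaped comma inside a value. Function names and sample DNs are constructed, and case-insensitive value comparison is an assumption.

```python
import re

def split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(buf)
            buf = ""
        else:
            buf += text[i:i + step]   # an escape pair stays together
        i += step
    return parts + [buf]

def unescape(value):
    """Undo \\XX (ASCII hex pairs only in this example) and \\<char>."""
    def repl(m):
        g = m.group(1)
        return chr(int(g, 16)) if len(g) == 2 else g
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def parse_dn(dn):
    """Return the RDNs leaf-first as lists of (TYPE, value) pairs."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        pairs = []
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN
            attr, eq, value = ava.lstrip().partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            pairs.append((attr.strip().upper(), unescape(value)))
        rdns.append(sorted(pairs))
    return rdns

def path_from_root(dn):
    """Read the DN top-down, the way a file system path is written."""
    return "/".join("+".join(f"{t}={v}" for t, v in rdn)
                    for rdn in reversed(parse_dn(dn)))

def is_under(dn, base):
    """True if dn lies strictly below base (values compared case-insensitively, an assumption)."""
    fold = lambda d: [[(t, v.lower()) for t, v in r] for r in parse_dn(d)]
    entry, container = fold(dn), fold(base)
    return len(entry) > len(container) and entry[-len(container):] == container

# Constructed sample DNs (not from the original page).
USER = "CN=JSmith,OU=Sales,OU=Midwest,DC=contoso,DC=example"
TRICKY = r"CN=x\,OU=Sales,DC=contoso,DC=example"   # the comma is part of the CN value
```

`TRICKY` ends with the text `OU=Sales,DC=contoso,DC=example`, yet the entry sits directly under `DC=contoso`, which is why `is_under` compares parsed RDNs instead of strings.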
 
LVL 2

Author Closing Comment

by:kunalclk
ID: 35174072
Thanks
rajarshivp@gmail.com