Install and manage Active Directory Federation Services Active Directory Federation Services allows you to control access to resources within your organization. When using AD FS, you do not have to create the traditional trust relationships between your forest and an external organization's forest; you can use web-based access rights to manage who is allowed to access the resources. Both organizations have to create the federated access, but once it's in place, it is much easier to maintain than the traditional methods.
Master It Jamie is configuring the resource-partner side of the AD FS installation. The partner organization is going to be responsible for the account-partner side of the solution. Jamie is trying to decide which of the Certificate Services options she would like to use. Should she create her own certificate using her own root certification authority, use a certificate signed by a third-party root certification authority (CA), or use a self-signed certificate?
Install and manage Active Directory Lightweight Directory Services Applications and services can use Active Directory Domain Services as a storage location for configuration information and data. However, to do so usually entails extending the Active Directory schema. Instead, you can use Active Directory Lightweight Directory Services to create a new directory-service container to use for application and service storage. As a bonus, the AD LDS container can be replicated to only the systems that need to host it instead of being hosted on all of the domain controllers.
Master It Nick needs a configuration database for an application he is developing. He wants a local copy of the database on system where the application is installed. What criteria should he consider when determining whether he will use AD DS or AD LDS for his application?
Use DSDBUtil to manage Active Directory Lightweight Directory Services AD DS has the
NTDSUtil utility for managing the database. To manage the AD LDS database, you use the DSD-BUtil utility.
Master It DeAnn needs to change the SSL port used when accessing an AD LDS instance so that it meets the company's new communication standards. How would she make the change so that SSL communications uses port 58445?
Was this article helpful?