AD LDS is based on AD DS but does not include all the features of AD DS. Both AD LDS and AD DS rely on multimaster replication for data consistency and support the LDAP application programming interface (API) and the Active Directory Services Interface (ADSI) APIs. Both services support schema extensions and application directory partitions. Both can install a replica from removable media and are integrated into the Windows Server 2008 backup tools. Both services support object-level security and delegation of administration. Although both AD DS and AD LDS can run on a domain controller, Microsoft recommends that you run AD LDS on a member or standalone server. You can start and stop both services without rebooting the computer, but AD DS, unlike AD LDS, requires a reboot after installation or removal.
Unlike AD LDS, AD DS can include security principals to provide access to a Windows Server network and includes a global catalog; it can manage objects such as workstations, member servers, and domain controllers; and it supports and integrates with public key infrastructures (PKIs) and X.509 certificates. Again, unlike AD LDS, AD DS supports Group Policy, the Messaging API (MAPI), trusts between domains and forests, and Domain Name System (DNS) service (SRV) records for locating directory services. AD DS can authenticate domain security principals to provide access to applications and Web Services, whereas AD LDS can be used for Web authentication but does not support domain security principals.
Unlike AD DS, AD LDS can include more than one instance on a server and supports independent schemas for each instance. This enables the service to support schema extensions without amending the AD DS schema. Under AD LDS, directory partitions can rely on X.500 naming conventions, and the service can be installed or removed without a reboot. AD LDS can run on client operating systems such as Windows Vista, or on Windows Server 2008 member or standalone servers.
In summary, AD LDS provides much of the same functionality as AD DS but does not amend the AD DS schema. In some cases (for example, in Exchange Edge Transport servers), AD LDS can replicate data from AD DS for local storage, but it cannot access Active Directory features such as Group Policy. You can install several AD LDS instances on a server, and each instance has its independent schema. As its name implies, AD LDS is a lightweight version of AD DS.
1. Can you install both AD LDS and AD DS on a computer with a client operating system?
2. Do both AD LDS and AD DS support schema extensions and application directory partitions?
3. Do both AD LDS and AD DS support object-level security and delegation of administration?
4. Can both AD LDS and AD DS be installed without a reboot?

Quick Check Answers
1. No, you can install AD LDS on a computer with a client operating system. AD DS needs to run on a domain controller.
2. Yes, both AD LDS and AD DS support schema extensions and application directory partitions.
3. Yes, both AD LDS and AD DS support object-level security and delegation of administration.
4. No, you can install AD LDS without a reboot, but you must reboot when you install AD DS.