Make note of the default ports (in particular, 389 and 636) because they are likely to be tested in the examination, even though you should avoid using them in production environments. Those are also the ports AD DS uses, so an instance bound to them conflicts with a domain controller on the same host; for that reason the setup wizard proposes nondefault ports when it detects AD DS, and a nondefault port is the safer choice in any case.
Select or create a service account to run the instance. You can use the Network Service account, but if you intend to run multiple instances, it is better to use a named service account for each instance so that the instances are isolated from one another. Remember to follow the guidelines listed in the Service Account Guidelines and Requirements sidebar.
Service Account Guidelines and Requirements
You should use the following guidelines when creating a service account to run an AD LDS instance:
■ Create a domain account if you are in a domain; otherwise (for example, in a perimeter network), use a local account.
■ Name the account with the same name as the instance.
■ Assign a complex password to the account.
■ Set User Cannot Change Password in the account properties. This prevents anyone who obtains a logon as the account from changing its password and taking the account over.
■ Set Password Never Expires in the account properties. You assign this property to ensure that the service does not fail because of password policy.
■ Assign the Log On As A Service user right (SeServiceLogonRight) in the Local Security Policy of each computer that will host the instance.
■ Assign the Generate Security Audits user right (SeAuditPrivilege) in the Local Security Policy of each computer that will host the instance. This supports account auditing.
Create any additional LDIF files you need for the instance. Place these files in the %SystemRoot%\ADAM folder; files in that folder can be selected for import during the creation of the instance. Importing LDIF files extends the schema of the instance you are creating to support additional operations. For example, to synchronize AD DS with AD LDS, you would import the MS-AdamSyncMetadata.ldf file. If your application requires custom schema modifications, create the LDIF file ahead of time and import it as you create the instance. Note that you can always import LDIF files after the instance is created. The following LDIF files are available by default:
■ MS-adamschemaw2k3.ldf A prerequisite for synchronizing an instance with Active Directory directory services in Windows Server 2003.
■ MS-adamschemaw2k8.ldf A prerequisite for synchronizing an instance with AD DS in Windows Server 2008.
■ MS-AdamSyncMetadata.ldf Synchronizes data between an AD DS forest and an AD LDS instance through ADAMSync.
■ MS-ADAM-Upgrade-1.ldf Upgrades the AD LDS schema to the latest version.
■ MS-ADLDS-DisplaySpecifiers.ldf Required for Active Directory Sites And Services snap-in operation.
■ MS-AZMan.ldf Required to support the Windows Authorization Manager.
■ MS-InetOrgperson.ldf Creates inetOrgPerson user classes and attributes.
■ MS-User.ldf Creates user classes and attributes.
■ MS-Userproxy.ldf Creates a simple userProxy class.
■ MS-UserproxyFull.ldf Creates a full userProxy class. You need to import MS-Userproxy.ldf first.
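The preparation steps above (service account per the sidebar, the two user rights, and LDIF import after the instance exists) carried out in one script, as an added PowerShell example that is not part of the training kit text. It assumes an instance named ADLDS-App1 already exists and listens on LDAP port 50000 on this host, that the script runs from an elevated PowerShell 5.1 prompt on that host, that the current user is an administrator of the instance (so ldifde may extend its schema), and that the ActiveDirectory module is installed when the host is domain-joined; the instance and account names, the port and the password length are all assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the training kit. Assumed: instance "ADLDS-App1"
# exists on LDAP port 50000 on this host; the elevated caller administers it.
$InstanceName = 'ADLDS-App1'   # guideline: service account name == instance name
$LdapPort     = 50000          # assumed; stay off 389/636 in production
$LdifFiles    = @(
    'MS-User.ldf'              # user before inetOrgPerson (inetOrgPerson derives from user)
    'MS-InetOrgperson.ldf'
    'MS-Userproxy.ldf'         # simple userProxy before full userProxy, as listed above
    'MS-UserproxyFull.ldf'
)

function New-ServiceAccountPassword([int]$Length = 32) {
    # CSPRNG with rejection sampling (no modulo bias). Printable ASCII '!'..'~'
    # mixes upper/lower/digits/symbols, which satisfies the default complexity policy.
    $chars = [char[]](33..126)
    $limit = 256 - (256 % $chars.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $one   = New-Object byte[] 1
    $sb    = New-Object System.Text.StringBuilder
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($one)
        if ($one[0] -lt $limit) { [void]$sb.Append($chars[$one[0] % $chars.Length]) }
    }
    ConvertTo-SecureString -String $sb.ToString() -AsPlainText -Force
}

# 1. Create the account: domain account on a domain member, local account otherwise.
$password = New-ServiceAccountPassword
if ((Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    Import-Module ActiveDirectory
    $user = New-ADUser -Name $InstanceName -SamAccountName $InstanceName `
        -AccountPassword $password -Enabled $true `
        -CannotChangePassword $true -PasswordNeverExpires $true `
        -Description "AD LDS service account for instance $InstanceName" -PassThru
} else {
    $user = New-LocalUser -Name $InstanceName -Password $password `
        -UserMayNotChangePassword -PasswordNeverExpires -AccountNeverExpires `
        -Description "AD LDS service account for instance $InstanceName"
}
$sid = $user.SID.Value

# 2. Grant Log On As A Service and Generate Security Audits via secedit.
#    secedit /configure REPLACES the holder list of each right it is given, so the
#    current holders are exported first and the new SID is merged into them.
function Grant-UserRight([string]$Sid, [string[]]$Rights) {
    $export = Join-Path $env:TEMP 'rights-export.inf'
    $import = Join-Path $env:TEMP 'rights-import.inf'
    $db     = Join-Path $env:TEMP 'rights.sdb'
    secedit /export /cfg $export /areas USER_RIGHTS | Out-Null
    $current = @{}
    foreach ($line in Get-Content $export) {
        if ($line -match '^(Se\w+)\s*=\s*(.*)$') { $current[$Matches[1]] = $Matches[2] }
    }
    $lines = @('[Unicode]', 'Unicode=yes', '[Version]', 'signature="$CHICAGO$"',
               'Revision=1', '[Privilege Rights]')
    foreach ($right in $Rights) {
        $holders = @()
        if ($current.ContainsKey($right) -and $current[$right]) { $holders = $current[$right] -split ',' }
        if ($holders -notcontains "*$Sid") { $holders += "*$Sid" }
        $lines += "$right = " + ($holders -join ',')
    }
    $lines | Out-File -FilePath $import -Encoding Unicode
    secedit /configure /db $db /cfg $import /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit /configure failed with exit code $LASTEXITCODE" }
    Remove-Item $export, $import, $db -ErrorAction SilentlyContinue
}
Grant-UserRight -Sid $sid -Rights 'SeServiceLogonRight', 'SeAuditPrivilege'

# 3. Import the default LDIF files from %SystemRoot%\ADAM into the running instance.
#    -c rewrites the DC=X placeholder in the files to the instance's schema naming
#    context; -k skips "already exists" errors so the import is repeatable; -j sets
#    the directory for ldif.log / ldif.err.
$ldifDir = Join-Path $env:SystemRoot 'ADAM'
$logDir  = Join-Path $env:TEMP 'ldifde-logs'
New-Item -ItemType Directory -Path $logDir -Force | Out-Null
foreach ($file in $LdifFiles) {
    ldifde -i -f (Join-Path $ldifDir $file) -s "localhost:$LdapPort" -k -j $logDir `
        -c "CN=Schema,CN=Configuration,DC=X" "#schemaNamingContext"
    if ($LASTEXITCODE -ne 0) { throw "ldifde failed on $file (exit $LASTEXITCODE); see $logDir\ldif.err" }
}
Write-Host "Service account $($user.Name) ($sid) provisioned; LDIF import complete."
```

The generated password is never written to disk or echoed; after the script runs, select the new account on the service account page of the setup wizard (or in the adaminstall answer file) when you create further instances. The `"#schemaNamingContext"` argument must stay quoted, because an unquoted `#` starts a PowerShell comment.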