Preparing to Create an AD LDS Instance

You use the Active Directory Lightweight Directory Services Setup Wizard to create AD LDS instances. First, however, you must carry out the following tasks:

Create a data drive on your server. The server will be hosting directory stores; you must place these stores on a drive that does not contain the operating system.

Decide what name you will use when you create the instance. Use meaningful names to identify instances, for example, the name of the application tied to an instance. The instance name identifies the instance on the local computer as well as naming the files that make up the instance and the service that supports it.

Create a group to contain the user accounts that will administer the instance. The best practice for permission assignments is always to use groups, even if only one account is a member of the group. If personnel change, you can add or change group members without adding or changing permissions. Create a domain group if you are in a domain; otherwise, create a local group. Give the group the same name as the instance; this makes it easier to identify the group's purpose. Add your own account to the group as well as the service account you created earlier.

Decide the Active Directory application partition name you will use for the instance. You must use a distinguished name (DN) to create the partition. For example, you could use CN=AppPartition1,DC=contoso,DC=internal. Depending on how you intend to use the instance, you might or might not need the application partition. Application partitions control the replication scope for a directory store. For example, when you integrate DNS data within the directory, AD DS creates an application partition to make DNS data available to appropriate domain controllers. Application partitions for AD LDS can be created in one of three ways: when you create the instance, when you install the application that will be tied to the instance, or when you create the partition manually through the ldp.exe tool. If your application does not create application partitions automatically, create them with the wizard.

Decide which ports you will use to communicate with the instance. AD LDS and AD DS use the same ports for communication. These ports are the default LDAP (389) and LDAP over Secure Sockets Layer (SSL), or Secure LDAP (636), ports. AD DS uses two additional ports: 3268, which uses LDAP to access the global catalog, and 3269, which uses Secure LDAP to access the global catalog. Because AD DS and AD LDS use the same ports, do not install both roles on the same server (although it is possible to do so). However, when the wizard detects that ports 389 and 636 are already in use, it proposes 50000 and 50001 for each port, and then proposes other ports in the 50000 range for additional instances.
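The preparation steps above, as an added pre-flight script that is not part of the original text: it checks that the data path is off the OS drive, sanity-checks the partition DN, mirrors the wizard's port fallback, and creates the instance-named administrators group. The instance name, data path, service account and the "step up by two" port search for additional instances are assumptions.

```powershell
# Added example (not from the original article). Placeholder values are assumed.
$InstanceName   = 'AppPartition1'                              # assumed instance name
$DataRoot       = 'D:\ADLDS'                                   # assumed data drive folder
$ServiceAccount = 'CONTOSO\svc-adlds'                          # assumed service account created earlier
$PartitionDN    = 'CN=AppPartition1,DC=contoso,DC=internal'    # DN used in the text

# 1. Data drive: the directory store must not sit on the operating system drive.
$dataDrive = Split-Path -Qualifier $DataRoot
if ($dataDrive -ieq $env:SystemDrive) {
    throw "Data path $DataRoot is on the OS drive $env:SystemDrive; use a separate data drive."
}
if (-not (Test-Path $dataDrive)) { throw "Drive $dataDrive does not exist." }
New-Item -ItemType Directory -Path (Join-Path $DataRoot $InstanceName) -Force | Out-Null

# 2. Partition name: must be a distinguished name (CN=/OU=/DC= components separated by commas).
if ($PartitionDN -notmatch '^(CN|OU|DC)=[^,]+(,(CN|OU|DC)=[^,]+)+$') {
    throw "'$PartitionDN' is not a well-formed distinguished name."
}

# 3. Ports: if 389/636 are already listening (AD DS or another instance), fall back to 50000/50001
#    like the wizard; stepping up by two for further instances is this script's assumption.
function Test-PortListening([int]$Port) {
    return [bool](Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
}
$ldapPort = 389; $sslPort = 636
if ((Test-PortListening 389) -or (Test-PortListening 636)) {
    $ldapPort = 50000; $sslPort = 50001
    while ((Test-PortListening $ldapPort) -or (Test-PortListening $sslPort)) {
        $ldapPort += 2; $sslPort += 2
    }
}

# 4. Administrators group named after the instance: domain group on a domain member, else local.
$isDomainMember = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
if ($isDomainMember) {
    Import-Module ActiveDirectory
    if (-not (Get-ADGroup -Filter "Name -eq '$InstanceName'")) {
        New-ADGroup -Name $InstanceName -GroupScope Global -GroupCategory Security
    }
    Add-ADGroupMember -Identity $InstanceName -Members $env:USERNAME, $ServiceAccount.Split('\')[1]
} else {
    if (-not (Get-LocalGroup -Name $InstanceName -ErrorAction SilentlyContinue)) {
        New-LocalGroup -Name $InstanceName -Description "Administrators of AD LDS instance $InstanceName" | Out-Null
    }
    Add-LocalGroupMember -Group $InstanceName -Member "$env:USERDOMAIN\$env:USERNAME", $ServiceAccount
}

"Instance '$InstanceName': data=$DataRoot LDAP=$ldapPort LDAPS=$sslPort partition=$PartitionDN"
```

Run it elevated on the server before starting the setup wizard, and feed the printed name, path and ports into the wizard's pages.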
