To determine whether you must use AD DS to support an application or whether you can (and should) use AD LDS, you need to understand the functional differences between the two services. AD DS supports directory-enabled applications that extend the AD DS schema. If this functionality is not required, consider AD LDS.
For example, all user information in Microsoft Exchange Server 2007 is provided by the directory and, when you install this application, it significantly extends the AD DS schema. Adding to the schema for an application such as Exchange Server is appropriate because it provides a core networking service. AD LDS is not the correct choice in this case.
If, however, you add an object or an attribute to the AD DS schema, it is added forever and cannot be removed (although it can be deactivated or renamed and reused). Microsoft recommends that you avoid expanding the schema for less mission-critical applications, especially applications that are provided by third-party software manufacturers. In other words, use AD LDS rather than AD DS.
AD LDS, unlike AD DS, can support multiple AD LDS instances on a single server. It can meet the requirements of any directory-enabled application and provide instances on an application-by-application basis. You can differentiate between instances by instance name, which is typically based on the name of the application the instance supports (for example, MyApp_Instance). You do not need Enterprise Administrator or Schema Administrator credentials to work with AD LDS, as you do with AD DS. AD LDS can run on member or standalone servers, and you require only local administration access rights to manage it. It can also be used in a perimeter network to provide application or Web authentication services.
When you install AD LDS on a server, it does not change the configuration of the server to the extent that AD DS does when you create a domain controller. AD LDS is an application and, when you install it, you do not need to reboot the server.
For the Windows Server 2008 upgrade examinations, you need to understand what constitutes an AD LDS instance, how AD LDS instances should be used, and what their relationship is or can be with AD DS directories. You need to know how to install and configure the AD LDS service.
AD LDS instances are based on the Lightweight Directory Access Protocol (LDAP) and provide hierarchical database services. LDAP directories are optimized for specific purposes and should be used whenever you need to rely on fast lookups of information that will support given applications.