Tuesday, April 12, 2016

Windows Server : Installing AD LDS

This is for Active Directory Lightweight Directory Service on Server 2016 Technical Preview 4.

Note that it is not specific to Server 2016. That's the one I used because this is in preparation for my next post.

AD LDS (aka ADAM) is a Lightweight Directory Service (a poor man's AD!) which is not domain bound and is used mainly for application attributes i.e. you can keep all the application specific stuff. Each application lives in a container. You can have many instances on one server and the schemas of each can be different.

As you may have guessed, TP4 allows ADFS to authenticate against a V3 LDAP of which AD LDS happens to be but one example.

So from Server Manager, Manage / Add Roles.

 
 Once complete, select the LDS wizard. (Also note ADSI Edit which we will use later).


Select "Unique Instance" Next.

Select a Name. I used "TP4-1". Next.


The default ports should show as 50000 and 50001 for the first instance. You can change them if you wish. Next.

Create a partition and give it a name. I used "CN=ADFS,DC=dev,DC=local". (dev.local is my domain). Next. Next.


I used the Network Service Account. Next.

I used the currently logged on user. Next.

Select the MS-User.LDF LDIF. Next.


Next out.

Now if you look in Services you will see:

Now we use ADSI Edit.

Action / Connect.

Now we need to add a user as below.

Right click on Roles, New Object. Choose "user"


Next.

Pick a user name e.g. adamuser1 and then Next out.

Right click on the user and choose "Reset Password". Enter the password twice.


Now double click on the user. (Or right click - Properties). I had:

cn = adamuser1
displayName = Adam User1
givenName = Adam
mail = adamuser1@dev.local
msDS-UserAccountDisabled = FALSE
name =  adamuser1
sn = User1
userPrincipalName = adamuser1@dev.local

and we are done!

From the cmd prompt, you can check:

C:\>dsdbutil
dsdbutil: list instances

Instance Name:         NTDS
LDAP Port:             389
SSL Port:              636
Install folder:        C:\Windows\NTDS
Database file:         C:\Windows\NTDS\ntds.dit
Log folder:            C:\Windows\NTDS
NTDS Mode    :         Active Directory Domain Controller Mode

Instance Name:         TP4-1
Long Name:             TP4-1
LDAP Port:             50000
SSL Port:              50001
Install folder:        C:\Windows\
Database file:         C:\Program Files\Microsoft ADAM\TP4-1\data\adamntds.dit
Log folder:            C:\Program Files\Microsoft ADAM\TP4-1\data
Service state:         Running

Enjoy!


No comments: