Sunday, February 1, 2015

ldap - In the context of Active Directory, what does "single schema" mean and why is this an advantage?




In my learning of the AD DS ecosystem I came across this definition [link]:




By using the Windows Server® 2008 Active Directory® Lightweight Directory Services (AD LDS) role, formerly known as Active Directory Application Mode (ADAM), you can provide directory services for directory-enabled applications without incurring the overhead of domains and forests and the requirements of a single schema throughout a forest.




I don't quite understand what the last sentence means. Last month I started with AD DS for the very first time and now I'm pinning down a lot of meanings. I'm showing and summarizing for you what I know and what I understand, so you can get an idea of my current knowledge:





  • Directory: the structure.

  • Directory Service: manager of a directory. Like a database manager but designed and enhanced for directories. X.500 is the most accepted and known standard set of protocols to define directory services.

  • LDAP: most accepted and known protocol to define directory services that work over a TCP/IP network.

  • AD:

    AD is a Microsoft database to store user logon and group information, and
    configuration information that drives group policy and other
    application software.

    (Active Directory explained)

  • AD DS:

    Microsoft's Directory Server.
    (What is Active Directory Domain Services and how does it work?)

    Set of services and applications provided by Microsoft to administer resources, users, authentication, authorization, etc. over a network.

  • AD LDS: directory service belonging to AD DS.

  • AD definitions I already know too: domain, domain controller, tree, forest and namespace.

  • Schema: it defines object class structures within a directory.

  • Directory-enabled application:

    A directory-enabled application is an application that uses a naming
    or directory service.
    (http://docs.oracle.com/javase/jndi/tutorial/getStarted/concepts/java.html)





Now, what does "you can provide directory services for directory-enabled applications without incurring the overhead of domains and forests and the requirements of a single schema throughout a forest." mean? What is a single-schema? Why is this an advantage?



Thanks in advance.


Answer



AD LDS can provide you with an LDAP solution that can refer to the Windows authentication available in your Active Directory environment, but does not require replication.
In other words, there are no schema changes required to install AD LDS for an LDAP-enabled application. As such you can install several AD LDS-connected applications, each of which has its own directory data stored locally, with its own schema, without affecting the main directory schema.



The advantage is that you don't need to replicate anything to your main schema, and replication traffic is lower as a result.



Relevant quote from the Microsoft documentation:





AD LDS can store “private” directory data, which is relevant only to the application, in a local directory service—possibly on the same server as the application—without requiring any additional configuration to the server operating system directory. This data, which is relevant only to the application and which does not have to be widely replicated, is stored solely in the AD LDS directory that is associated with the application. This solution reduces replication traffic on the network between domain controllers that serve the server operating system directory. However, if necessary you can configure this data to be replicated between multiple AD LDS instances.
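The following is an added example, not part of the original question or answer and not Microsoft's own code, showing what "its own schema without affecting the main directory schema" looks like in practice: an AD LDS instance is installed unattended on a member server, a custom attribute and auxiliary class are imported into that instance's schema with ldifde, and the same attribute is then looked up against both the instance and the domain to show that the forest schema was never touched. The instance name "AppDir", the ports 50000/50001, the partition "DC=AppDir,DC=local", the paths under C:\ADLDS, and the OID arc 1.2.840.113556.1.8000.2554.99999 are all assumptions for illustration; substitute an OID arc you actually own, since OIDs in a schema must be unique.

```powershell
# Added example (not from the original post or from Microsoft): create a private
# AD LDS instance and extend ITS schema, leaving the AD DS forest schema untouched.
# Assumed values (hypothetical): instance "AppDir", LDAP port 50000, LDAPS port 50001,
# partition DC=AppDir,DC=local, OID arc 1.2.840.113556.1.8000.2554.99999 (use your own).
# Run elevated on a domain-joined Windows Server with the AD LDS role and RSAT installed.

$InstanceName = 'AppDir'
$Port         = 50000
$Partition    = 'DC=AppDir,DC=local'
$Work         = Join-Path $env:TEMP 'adlds-example'
New-Item -ItemType Directory -Force -Path $Work | Out-Null

# 1. Unattended install. No ServiceAccount/ServicePassword keys are given, so the
#    instance runs as Network Service and no credential ever lands in the answer file.
#    The file is removed afterwards anyway so it cannot be reused to stand up a clone.
$Answer = @"
[ADAMInstall]
InstallType=Unique
InstanceName=$InstanceName
LocalLDAPPortToListenOn=$Port
LocalSSLPortToListenOn=50001
NewApplicationPartitionToCreate=$Partition
DataFilesPath=C:\ADLDS\$InstanceName\data
LogFilesPath=C:\ADLDS\$InstanceName\data
ImportLDIFFiles="MS-User.LDF"
"@
$AnswerFile = Join-Path $Work 'answer.txt'
Set-Content -Path $AnswerFile -Value $Answer -Encoding ASCII
& "$env:windir\ADAM\adaminstall.exe" "/answer:$AnswerFile"
Remove-Item $AnswerFile

# 2. A schema extension that exists only in this instance.
#    "CN=Schema,CN=Configuration,DC=X" is the placeholder Microsoft's own MS-*.LDF
#    files use; ldifde -c rewrites it to the instance's real schema naming context.
#    The empty-DN "schemaUpdateNow" modify flushes the schema cache between steps so
#    the class can reference the attribute that was just added.
$Ldf = @"
dn: CN=app-License-Tier,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: attributeSchema
attributeID: 1.2.840.113556.1.8000.2554.99999.1
lDAPDisplayName: appLicenseTier
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=app-User-Extension,CN=Schema,CN=Configuration,DC=X
changetype: add
objectClass: classSchema
governsID: 1.2.840.113556.1.8000.2554.99999.2
lDAPDisplayName: appUserExtension
objectClassCategory: 3
subClassOf: top
mayContain: appLicenseTier

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-
"@
$LdfFile = Join-Path $Work 'app-schema.ldf'
Set-Content -Path $LdfFile -Value $Ldf -Encoding ASCII

# Import into the AD LDS instance only (-s/-t point at localhost:50000, never at a
# domain controller on 389). No Schema Admins membership, no schema master, no
# forest-wide replication of the change.
ldifde -i -f $LdfFile -s localhost -t $Port -k -j $Work `
       -c "CN=Schema,CN=Configuration,DC=X" "#schemaNamingContext"

# 3. Verify: the attribute is present in the instance schema and absent from AD DS.
Import-Module ActiveDirectory
$adlds = Get-ADRootDSE -Server "localhost:$Port"
Get-ADObject -Server "localhost:$Port" -SearchBase $adlds.schemaNamingContext `
             -LDAPFilter '(lDAPDisplayName=appLicenseTier)'          # one object
$domain = Get-ADRootDSE                                               # the domain (port 389)
Get-ADObject -SearchBase $domain.schemaNamingContext `
             -LDAPFilter '(lDAPDisplayName=appLicenseTier)'          # nothing
```

The contrast to keep in mind: the same LDF file imported against a domain controller would need a Schema Admins member, would have to be applied on the schema master, and would replicate to every domain controller in the forest; a schema object in AD DS can only be made defunct, never deleted. In the AD LDS instance the change is local to that instance's configuration set, can be thrown away with the instance, and needs only the instance's own Administrators role, which is a much smaller blast radius to grant to an application team.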


