locked
LDS role on non-domain controller RRS feed

  • Question

  • Quick question about requirements for LDS role:

    Is it best to install the LDS role on a domain controller or can I get away with a domain-joined non-DC?

    Thanks for any help you can offer.

    Tuesday, March 17, 2015 4:55 PM

Answers

All replies

  • Quick question about requirements for LDS role:

    Is it best to install the LDS role on a domain controller or can I get away with a domain-joined non-DC?

    Thanks for any help you can offer.

    Nope. Chose a dedicated server/workgroup/workstation/client/laptop/Xbox for it. :D

    No recommended to have LDS on the same server which holds domain controller role. Firstly they both kinda share the semi-same goal. AD LDS is mostly used to have a consolidated view of user objects from multiple trusted domains into a single view for applications. Also another reason is, once they break into your LDS they have access to NTDS because they are on the same server. So I say 'Naa' to your question my friend.


    Mahdi Tehrani   |     |   www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    • Proposed as answer by Mahdi Tehrani Sunday, March 22, 2015 11:34 AM
    Tuesday, March 17, 2015 6:04 PM
  • Quick question about requirements for LDS role:

    Is it best to install the LDS role on a domain controller or can I get away with a domain-joined non-DC?

    Thanks for any help you can offer.

    Nope. Chose a dedicated server/workgroup/workstation/client/laptop/Xbox for it. :D

    No recommended to have LDS on the same server which holds domain controller role. Firstly they both kinda share the semi-same goal. AD LDS is mostly used to have a consolidated view of user objects from multiple trusted domains into a single view for applications. Also another reason is, once they break into your LDS they have access to NTDS because they are on the same server. So I say 'Naa' to your question my friend.



    Great!!  Cause all I could find were instructions on how to install LDS on a DC.  Can you think of anything special that I might need to do during/post install, or should I just follow the technet instructions?
    Tuesday, March 17, 2015 7:17 PM
  • Hi,

    According to the MS article:

    AD LDS provides much of the same functionality as AD DS, but it does not require the deployment of domains or domain controllers.

    AD LDS provides directory services specifically for directory-enabled applications. AD LDS does not require or rely on AD DS domains or forests. However, in environments where AD DS exists, AD LDS can use AD DS for the authentication of Windows security principals.

    Detailed information for AD LDS:

    https://technet.microsoft.com/en-us/library/cc733064(v=ws.10).aspx

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    • Proposed as answer by Mahdi Tehrani Sunday, March 22, 2015 11:34 AM
    Wednesday, March 18, 2015 8:02 AM
  • Are there any server 2012 docs/instructions?  I can only find stuff for server 2008.

    Thanks.

    Wednesday, March 18, 2015 3:46 PM
  • My ultimate goal is to use it for user authentication for apps like Blackboard.
    Wednesday, March 18, 2015 3:57 PM
  • Hi,

    Active Directory Lightweight Directory Services Overview for windows server 2012:

    https://technet.microsoft.com/en-us/library/cc754361(v=ws.10).aspx

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    • Proposed as answer by Vivian_Wang Wednesday, March 25, 2015 5:14 AM
    • Marked as answer by Vivian_Wang Wednesday, April 1, 2015 9:35 AM
    Tuesday, March 24, 2015 7:35 AM