Step 5: Practice Working with Application Directory Partitions

Applies To: Windows Server 2008

The Active Directory Lightweight Directory Services (AD LDS) directory store is organized into logical directory partitions. There are three different types of directory partitions:

  • Configuration directory partitions

  • Schema directory partitions

  • Application directory partitions

Each AD LDS directory store must contain a single configuration directory partition and a single schema directory partition. The directory store can contain zero or more application directory partitions.

Application directory partitions hold the data that your applications use. You can create an application directory partition during AD LDS setup or anytime after installation. For more information about how to create an application directory partition during AD LDS setup, see the procedure "To create a new AD LDS instance by using the Active Directory Lightweight Directory Services Setup Wizard" in Step 2: Practice Working with AD LDS Instances.

Manual tasks for managing an application directory partition include the following:

  • Create an application directory partition

  • Delete an application directory partition

Create an application directory partition

You can use Ldp.exe to add a new application directory partition to an existing AD LDS instance.

Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477). By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition.

To add an application directory partition to an existing AD LDS instance

  1. Open Ldp.exe, and then connect and bind to an AD LDS instance. For more information about how to connect and bind to an AD LDS instance with Ldp.exe, see the procedure "To manage an AD LDS instance using Ldp.exe" in Step 3: Practice Using AD LDS Administration Tools.

  2. On the Browse menu, click Add child.

  3. In Dn, type a distinguished name for the application partition.

    For this exercise, type cn=test,o=testpartition,c=us as the distinguished name for the new application directory partition.

  4. Under Edit entry, type ObjectClass in the Attribute box and domainDNS in the Values box, and then click Enter.

  5. Under Edit entry, type instanceType in the Attribute box and 5 in the Values box, and then click Enter.

  6. Click Run.

    After the new application directory partition is added, the following information appears in the details pane:

    Added {cn=test,o=testpartition,c=us}.
    
  7. Click Close.

  8. To refresh Ldp.exe and view your new directory partition, you must disconnect and then bind again to the AD LDS instance. On the Connection menu, click Disconnect.

  9. Bind to your AD LDS instance as you did previously.

  10. To view the directory tree in Ldp.exe, on the View menu, click Tree.

  11. To view all directory partitions on the AD LDS instance, leave BaseDN blank, and then click OK.

  12. To view your new directory partition and its default containers and objects, in the console tree, double-click CN=test,O=testpartition,C=US.

You can also create AD LDS application directory partitions by running Dsmgmt.exe. For more information about Dsmgmt, see Dsmgmt (https://go.microsoft.com/fwlink/?LinkId=96303).
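The Ldp.exe procedure above can also be run as a script, which makes it repeatable and lets you verify the result against RootDSE. This is an added example, not part of the original guide. It assumes PowerShell 2.0 or later, an instance listening on localhost:50000, and a hypothetical helper named Get-LdsNamingContext.

```powershell
# Added example: scripted equivalent of the Ldp.exe "Add child" procedure.
# Assumptions: the instance listens on localhost:50000 and the current Windows
# account is in the instance's Administrators group.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$server   = 'localhost:50000'               # assumed host:port
$targetDn = 'cn=test,o=testpartition,c=us'  # DN from this exercise

$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($server)
$conn.SessionOptions.ProtocolVersion = 3
$conn.AuthType = 'Negotiate'
$conn.Bind()

function Get-LdsNamingContext($Connection) {
    # RootDSE (empty base DN, base scope) lists every partition on the
    # instance, the same view as leaving BaseDN blank in Ldp.exe.
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest
    $req.DistinguishedName = ''
    $req.Scope  = 'Base'
    $req.Filter = '(objectClass=*)'
    [void]$req.Attributes.Add('namingContexts')
    $entry = $Connection.SendRequest($req).Entries[0]
    $entry.Attributes['namingContexts'].GetValues([string])
}

# -contains compares strings case-insensitively, so CN=test,... matches.
if ((Get-LdsNamingContext $conn) -contains $targetDn) {
    Write-Output "Partition already present: $targetDn"
} else {
    # The same two attributes the procedure enters under Edit entry.
    $add = New-Object System.DirectoryServices.Protocols.AddRequest
    $add.DistinguishedName = $targetDn
    $oc = New-Object System.DirectoryServices.Protocols.DirectoryAttribute('objectClass', 'domainDNS')
    $it = New-Object System.DirectoryServices.Protocols.DirectoryAttribute('instanceType', '5')
    [void]$add.Attributes.Add($oc)
    [void]$add.Attributes.Add($it)
    $result = $conn.SendRequest($add)        # throws on an LDAP error
    Write-Output "Add result: $($result.ResultCode)"

    # Confirm the instance now advertises the partition.
    if ((Get-LdsNamingContext $conn) -notcontains $targetDn) {
        throw "Add reported success but $targetDn is not in namingContexts."
    }
}
$conn.Dispose()
```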

Delete an application directory partition

You can use Ldp.exe to delete an application directory partition from an existing AD LDS instance.

Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477). By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition.

To delete an application directory partition from an existing AD LDS instance

  1. Open Ldp.exe, and then connect and bind to an AD LDS instance. For more information about how to connect and bind to an AD LDS instance with Ldp.exe, see the procedure "To manage an AD LDS instance using Ldp.exe" in Step 3: Practice Using AD LDS Administration Tools.

  2. In the console tree, double-click the configuration directory partition CN=Configuration,CN={GUID}, where GUID is the globally unique identifier (GUID) that is assigned by AD LDS.

  3. To view the cross-reference objects for the directory partitions on your AD LDS instance, in the console tree, double-click the partitions container CN=Partitions.

  4. In the console tree, under the partitions container CN=Partitions, double-click the cross-reference objects until you find the one for which the value of nCName (as viewed in the details pane) is equal to CN=test,O=testpartition,C=US.

  5. To delete this cross-reference object (and, therefore, the associated directory partition), right-click it in the console tree, click Delete, and then click OK.

    Warning

    You cannot undo a partition deletion after you click OK.

  6. After you delete the cross-reference object, output similar to the following appears in the details pane:

    ldap_delete_s(ld, "CN=56c5aea2-5cb1-450a-96f0-5622cd949791,CN=Partitions,CN=Configuration,CN={90BF4692-0FF5-4410-8835-DCBBEE6E08B1}");
    Deleted "CN=56c5aea2-5cb1-450a-96f0-5622cd949791,CN=Partitions,CN=Configuration,CN={90BF4692-0FF5-4410-8835-DCBBEE6E08B1}"
    
  7. To refresh Ldp.exe and make sure that you successfully deleted your test directory partition, you must disconnect and then bind again to the AD LDS instance. On the Connection menu, click Disconnect.

  8. Bind to your AD LDS instance as you did previously.

  9. To view the directory tree in Ldp.exe, on the View menu, click Tree.

  10. To view all directory partitions on the AD LDS instance, leave BaseDN blank, and then click OK. CN=test,O=testpartition,C=US should be gone from the console tree.

You can also remove AD LDS application directory partitions by running Dsmgmt.exe. For more information about Dsmgmt, see Dsmgmt (https://go.microsoft.com/fwlink/?LinkId=96303).
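Because the deletion cannot be undone, a scripted version of the procedure above should resolve the cross-reference object by its nCName value and refuse to act unless exactly one object matches. This is an added example, not part of the original guide. The function name Remove-LdsPartition and the localhost:50000 endpoint are assumptions.

```powershell
# Added example: find the crossRef for a partition by nCName, then delete it.
# Assumptions: localhost:50000 and the name Remove-LdsPartition are
# illustrative; run as a member of the instance's Administrators group.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Remove-LdsPartition {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$Server = 'localhost:50000',
        [Parameter(Mandatory = $true)][string]$PartitionDn
    )
    # Reject LDAP filter metacharacters so the DN cannot widen the search.
    if ($PartitionDn -match '[*()\\\x00]') { throw 'Unsupported character in DN.' }

    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($Server)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType = 'Negotiate'
    $conn.Bind()

    # RootDSE names the configuration partition, CN=Configuration,CN={GUID}.
    $root = New-Object System.DirectoryServices.Protocols.SearchRequest
    $root.DistinguishedName = ''
    $root.Scope  = 'Base'
    $root.Filter = '(objectClass=*)'
    [void]$root.Attributes.Add('configurationNamingContext')
    $rootEntry = $conn.SendRequest($root).Entries[0]
    $configNc  = $rootEntry.Attributes['configurationNamingContext'].GetValues([string])[0]

    # Find the cross-reference object whose nCName is the partition DN.
    $find = New-Object System.DirectoryServices.Protocols.SearchRequest
    $find.DistinguishedName = "CN=Partitions,$configNc"
    $find.Scope  = 'OneLevel'
    $find.Filter = "(&(objectClass=crossRef)(nCName=$PartitionDn))"
    [void]$find.Attributes.Add('nCName')
    $hits = $conn.SendRequest($find).Entries
    if ($hits.Count -ne 1) {
        throw "Expected one crossRef for '$PartitionDn', found $($hits.Count); nothing deleted."
    }
    $crossRefDn = $hits[0].DistinguishedName

    # Honors -WhatIf and prompts for confirmation before the delete.
    if ($PSCmdlet.ShouldProcess($crossRefDn, "Delete crossRef and partition $PartitionDn")) {
        $del = New-Object System.DirectoryServices.Protocols.DeleteRequest($crossRefDn)
        $conn.SendRequest($del).ResultCode
    }
    $conn.Dispose()
}

# Dry run: reports the crossRef that would be deleted without deleting it.
Remove-LdsPartition -PartitionDn 'cn=test,o=testpartition,c=us' -WhatIf
```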