Administering AD LDS Directory Partitions

Applies To: Windows Server 2008

This guide provides administrators with step-by-step instructions to manage Windows Server 2008 Active Directory Lightweight Directory Services (AD LDS) directory partitions.

Creating directory partitions

The schema and configuration directory partitions are created automatically during installation of an AD LDS instance. (Configuration and schema partitions can only be created during an AD LDS installation.) If you choose to join the AD LDS instance being installed to an existing configuration set, the schema and configuration directory partitions from an AD LDS instance in the configuration set are replicated to the new instance. If you install a new AD LDS instance, the installation process creates default versions of the schema and configuration directory partitions for you. If you install an AD LDS instance from media, the schema and configuration directory partitions for the new AD LDS instance are replicas of the directory partitions from the media.

When you install a new AD LDS instance, you can also choose to replicate one or more application directory partitions from an existing AD LDS instance. Or, you can specify the creation of a new application partition. When you create a new application directory partition during installation, you must specify a unique distinguished name for the partition. The new application directory partition consists only of a partition container object with the distinguished name that you specify.

You can create an application directory partition during setup. You can also create application directory partitions at any time after installation, either through AD LDS administration tools or through your directory-enabled application. In production environments, you typically manage your application directory partitions and the data that they contain through your directory-enabled applications.

Naming directory partitions

Each AD LDS directory partition has its own, unique distinguished name. AD LDS supports both Domain Name System (DNS)-style and X.500-style names for top-level directory partitions. This includes the distinguished name components that are listed in the following table.

Distinguished name attribute    Meaning
C=                              Country/region
CN=                             Common name
DC=                             Domain component
L=                              Location
O=                              Organization
OU=                             Organizational unit

Specifying a default naming context

By default, an AD LDS instance does not provide a default naming context. You can, however, configure AD LDS to provide one by specifying a value for the msDS-defaultNamingContext attribute on the NTDSA object, at:

The msDS-defaultNamingContext attribute contains no value by default. If a value is set in the attribute, that value is returned to a client through the defaultNamingContext attribute of the rootDSE object when the rootDSE object is read.

When a bind is requested on the rootDSE object, AD LDS returns the value of defaultNamingContext, if the msDS-defaultNamingContext attribute on the NTDSA object is set to the distinguished name of a top-level container of an instantiated naming context. Otherwise, no value is returned.
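The following PowerShell sketch is an added example, not part of the original guide. It sets msDS-defaultNamingContext only after confirming that the target is an instantiated naming context, then re-reads rootDSE to verify the result. The server address localhost:50000 and the partition name O=Example,C=US are constructed sample values, and the NTDSA object is located through the rootDSE dsServiceName attribute rather than through a hard-coded path.

```powershell
# Added example, not from the guide. Assumed values: the instance listens on
# localhost:50000 and O=Example,C=US is a constructed sample partition name.
param(
    [string]$Server    = 'localhost:50000',
    [string]$Partition = 'O=Example,C=US'
)

function Get-RootDseValues([string]$Server, [string]$Attribute) {
    # A fresh DirectoryEntry on every call, so values are re-read from the server.
    $rootDse = [ADSI]"LDAP://$Server/RootDSE"
    return @($rootDse.psbase.Properties[$Attribute] | ForEach-Object { [string]$_ })
}

# 1. The value must name an instantiated naming context on this instance;
#    otherwise rootDSE returns no defaultNamingContext at all.
#    The comparison is a case-insensitive string match, not DN normalization.
$contexts = @(Get-RootDseValues $Server 'namingContexts')
if ($contexts -notcontains $Partition) {
    throw "'$Partition' is not listed in namingContexts: $($contexts -join '; ')"
}

# 2. dsServiceName on rootDSE holds the DN of this instance's NTDSA object.
$ntdsaDn = @(Get-RootDseValues $Server 'dsServiceName')[0]
$ntdsa   = [ADSI]"LDAP://$Server/$ntdsaDn"

# 3. Keep the previous value for the change record, then write the new one.
$attr     = 'msDS-defaultNamingContext'
$previous = [string]$ntdsa.psbase.Properties[$attr].Value
$ntdsa.psbase.Properties[$attr].Value = $Partition
$ntdsa.psbase.CommitChanges()

# 4. Verify what clients now receive when they read rootDSE.
$effective = @(Get-RootDseValues $Server 'defaultNamingContext')
if ($effective -notcontains $Partition) {
    throw "rootDSE does not return '$Partition' as defaultNamingContext."
}

New-Object PSObject -Property @{
    NtdsaObject   = $ntdsaDn
    PreviousValue = $previous
    CurrentValue  = $effective[0]
}
```

Run it with an account that has administrative rights on the AD LDS instance; the write in step 3 fails otherwise.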
