Understanding AD LDS Instances

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

Active Directory Lightweight Directory Services (AD LDS) uses the same architecture—and even the same code base—as Active Directory Domain Services (AD DS). AD LDS provides a hierarchical data store, a directory service component, and interfaces that clients can use to communicate with the directory service. AD LDS does not require a domain controller or a Domain Name System (DNS) server.

The following illustration shows the relationships between the components of AD LDS.

AD LDS manages the directory data store, responding to directory requests from directory clients and from other directory services. The AD LDS directory service runs in the security context of the account that is specified as the AD LDS service account. The AD LDS directory service provides all the following functions:

  • Authentication of directory users

  • Fulfillment of data requests

  • Data synchronization between directory servers (through multimaster replication)

  • Data management

AD LDS manages replication by grouping AD LDS instances into configuration sets. For more information about AD LDS replication, see Understanding AD LDS Replication and Configuration Sets.

The AD LDS directory service allows or denies access to clients based on credentials that the clients provide. AD LDS supports all the same authentication, or binding, methods as AD DS. For more information about authentication and data security, see Working with Authentication and Access Control.

AD LDS service account requirements vary, depending on the computer on which AD LDS is installed and also on the replication scenario. For more information, see Service Account Selection.

In AD LDS, a "service instance" (or, simply, "instance") refers to a single running copy of the AD LDS directory service. Multiple copies of the AD LDS directory service can run simultaneously on the same computer. (This is not true for AD DS.) Each instance of the AD LDS directory service has a separate directory data store, a unique service name, and a unique service description that is assigned during installation.
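Because several instances can run on one computer, each under its own service name and service account, an inventory of what is actually installed is a useful starting point for review. The following PowerShell is an added example, not part of the original documentation. It assumes that instance services are named `ADAM_<instance name>` and that each instance stores its ports as `Port LDAP` and `Port SSL` under its service `Parameters` registry key; the function name `Get-AdLdsInstanceInventory` is hypothetical.

```powershell
# Added example: list every AD LDS instance on the local computer together
# with the account it runs as and the ports it listens on.
# Assumption: instance services are named ADAM_<instance name>.
# Assumption: ports are stored as "Port LDAP" / "Port SSL" under
#             HKLM:\SYSTEM\CurrentControlSet\Services\<service>\Parameters.

function Get-AdLdsInstanceInventory {
    # Built-in accounts as reported in Win32_Service.StartName.
    $builtIn = @('LocalSystem',
                 'NT AUTHORITY\NetworkService',
                 'NT AUTHORITY\LocalService')

    # '[_]' escapes the underscore, which is a single-character wildcard in WQL.
    $services = @(Get-WmiObject -Class Win32_Service -Filter "Name LIKE 'ADAM[_]%'")

    foreach ($svc in $services) {
        $key    = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $params = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        # Leave ports empty when the key or values are missing or unreadable.
        $ldapPort = $null
        $sslPort  = $null
        if ($params) {
            $ldapPort = $params.'Port LDAP'
            $sslPort  = $params.'Port SSL'
        }

        # How many instances on this computer share this service account.
        $sameAccount = @($services | Where-Object { $_.StartName -eq $svc.StartName }).Count

        New-Object PSObject -Property @{
            ServiceName        = $svc.Name
            Description        = $svc.Description
            State              = $svc.State
            ServiceAccount     = $svc.StartName
            BuiltInAccount     = ($builtIn -contains $svc.StartName)
            InstancesOnAccount = $sameAccount
            LdapPort           = $ldapPort
            SslPort            = $sslPort
        } | Select-Object ServiceName, Description, State, ServiceAccount,
                          BuiltInAccount, InstancesOnAccount, LdapPort, SslPort
    }
}

Get-AdLdsInstanceInventory | Format-Table -AutoSize
```

Run it from an elevated Windows PowerShell session on the server that hosts the instances; a computer with no AD LDS instances returns no rows.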

Additional references