Active Directory Lightweight Directory Services Operations Guide

Applies To: Windows Server 2008

Active Directory® Lightweight Directory Services (AD LDS) is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the dependencies that are required for Active Directory Domain Services (AD DS). AD LDS provides much of the same functionality as AD DS, but it does not require the deployment of domains or domain controllers. You can run multiple instances of AD LDS concurrently on a single computer, with an independently managed schema for each AD LDS instance. For more information, see Active Directory Lightweight Directory Services Overview.

The Active Directory Lightweight Directory Services Operations Guide provides administration information for AD LDS technologies in the Windows Server® 2008 operating system. This information includes detailed procedures for managing AD LDS instances, directory partitions, sites, replication and configuration sets, users, and groups.

In this guide

Important

You may experience issues with network services that depend on the User Datagram Protocol (UDP) after you install the Domain Name System (DNS) Server service security update 953230 (MS08-037) and then restart the computer on which you are running AD LDS instances. The DNS Server service security update 953230 allows the DNS server to randomly allocate 2500 UDP ports from the ephemeral port range of 49152 to 65535. For more information, see Microsoft Security Bulletin MS08-037 – Important: Vulnerabilities in DNS Could Allow Spoofing (953230) (https://go.microsoft.com/fwlink/?LinkId=148634). To mitigate any problems that the installation of this security update might cause, see AD LDS service start fails with error "setup could not start the service..." + error code 8007041d (https://go.microsoft.com/fwlink/?LinkID=145140).

Note

If you install security update 951746 on your Windows Server 2008 R2–based and Windows Server 2008–based computers, the DNS server’s method of port allocation changes, and this change might prevent AD LDS from obtaining the port that it requires to function correctly. For more information, see article 959215 in the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkId=157712).

Acknowledgments

Produced by: Microsoft Directory and Access Services (DAS) IT Pro Content Team

Writer: Gayana Bagdasaryan

Editors: Jim Becker, Fran Tooke

Technical reviewers: Omar Sinno, Matthew Rimer, Andy Siow