Module 12: Designing an AD LDS Implementation


AD LDS Usage
AD LDS is most commonly used as a solution to the following requirements:
- Providing an LDAP-based application directory
- Providing an extranet authentication store
- Consolidating identity systems
- Providing a schema development environment for AD DS
- Providing a configuration store for distributed applications in Windows Server
- Migrating legacy directory-enabled applications

Extranet Authentication Scenarios
AD LDS can be used as an extranet authentication service in the following scenarios:
- Hosting user objects that are not Windows security principals
- Using AD LDS as the authentication store with corporate account credentials provisioned on the instance
- Deploying AD LDS as an extranet authentication store for AD FS

Lesson 2: Overview of an AD LDS Implementation Design
- Key Sizing Factors for AD LDS Servers
- AD LDS Replication Scenarios
- Integration of AD LDS with AD DS

Key Sizing Factors for AD LDS Servers
When determining the size of your AD LDS implementation, follow these guidelines:
- If server performance is less important than the number of deployed servers, consider deploying multiple instances on one computer
- For best performance, deploy instances on separate computers
- Use x64 hardware and operating system
- Allocate sufficient CPU power for processing queries
- Allocate enough memory to cache the entire database

AD LDS Replication Scenarios
Key points for AD LDS replication:
- AD LDS instances replicate data based on participation in a configuration set (CS)
- AD LDS replicates on an independent schedule from AD DS
- AD LDS instances in a CS can replicate any number of application directory partitions
- Directory partitions cannot be replicated between AD LDS instances and AD DS domain controllers
Use AD LDS replication in the following scenarios:
- Providing load balancing
- Providing fault tolerance for AD LDS data
- Spanning multiple geographical locations

Integration of AD LDS with AD DS
To integrate AD LDS with AD DS, follow these guidelines:
- Use AD DS groups to assign permissions in AD DS whenever possible
- Ensure that AD LDS users with AD DS accounts can be authenticated against an AD DS domain controller
- Implement synchronization between AD DS and AD LDS to simplify management
- Use user proxy objects
- Synchronize data from an AD DS forest to a CS of an AD LDS instance with Adamsync.exe

Lesson 3: Designing AD LDS Schema and Replication
- Replication of AD LDS Data
- Planning AD LDS Replication Traffic across WAN Links
- AD LDS Sites and Site Links
- Guidelines for Designing AD LDS Schema and Replication

Replication of AD LDS Data
AD LDS uses multimaster replication:
- All instances are writable
- Changes on one instance are replicated to the other instances
- AD LDS servers replicate changes to all servers
[Diagram: Server 1, Server 2 and Server 3. A client adds “User 2” on Server 1; a client modifies the “User 1” display name on Server 2.]

Authentication and Authorization in AD LDS
You can bind to an AD LDS instance:
- As an AD LDS security principal
- As a Windows security principal
- Through an AD LDS proxy object
You can view, grant, and deny access control on an object-by-object basis by using:
- Dsacls
- LDP.exe
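
The three bind types listed above, as an added PowerShell example that is not part of the original slides. The host name, port 50001 and all distinguished names are assumed placeholders, and the instance is assumed to have LDAPS enabled.

```powershell
# Added example. Assumed names (not from the slides): host, port, DNs.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Connect-AdLds {
    param(
        [string]$Server = 'adlds01.example.com',          # assumed host
        [int]$Port = 50001,                               # assumed LDAPS port of the instance
        [ValidateSet('Simple', 'Windows')][string]$BindAs = 'Windows',
        [System.Net.NetworkCredential]$Credential
    )
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    $conn.SessionOptions.ProtocolVersion   = 3
    # A simple bind sends the DN and password as-is, so keep it inside TLS.
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.AuthType = if ($BindAs -eq 'Windows') {
        [System.DirectoryServices.Protocols.AuthType]::Negotiate
    } else {
        [System.DirectoryServices.Protocols.AuthType]::Basic
    }
    # Bind() throws LdapException on bad credentials or a refused bind.
    if ($Credential) { $conn.Bind($Credential) } else { $conn.Bind() }
    $conn
}

function Get-NamingContexts([System.DirectoryServices.Protocols.LdapConnection]$Connection) {
    # Base-scope read of the RootDSE (empty DN) over the bound connection.
    $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
        '', '(objectClass=*)',
        [System.DirectoryServices.Protocols.SearchScope]::Base, [string[]]@('namingContexts'))
    $res = [System.DirectoryServices.Protocols.SearchResponse]$Connection.SendRequest($req)
    $res.Entries[0].Attributes['namingContexts'].GetValues([string])
}

$pw = Read-Host -AsSecureString 'Password'

# 1. AD LDS security principal: simple bind as a user object stored in the instance.
$local = [System.Net.NetworkCredential]::new('CN=app-user,OU=People,DC=app,DC=example', $pw)
$c1 = Connect-AdLds -BindAs Simple -Credential $local

# 2. Windows security principal: Negotiate bind with the current logon session.
$c2 = Connect-AdLds -BindAs Windows

# 3. AD LDS proxy object: simple bind with the DN of the userProxy object and the
#    AD DS password; the instance passes the check to AD DS for the mapped account.
$proxy = [System.Net.NetworkCredential]::new('CN=jdoe-proxy,OU=Proxies,DC=app,DC=example', $pw)
$c3 = Connect-AdLds -BindAs Simple -Credential $proxy

$c1, $c2, $c3 | ForEach-Object { Get-NamingContexts $_; $_.Dispose() }
```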