Configuring the Active Directory Lightweight Directory Services (Part 6)

If you would like to read the other parts in this article series please go to:

Introduction

In the previous article in this series, I gave you an overview of how replication works in an AD LDS environment. I want to conclude the series by talking more about how to configure replication between two or more AD LDS sites. Before I can do that however, I need to show you how to create an AD LDS site structure.

Defining an AD LDS Site

As strange as it may sound, the tool that you will use to create an AD LDS site is the Active Directory Sites and Services console. Even though this utility is primarily used for managing Active Directory environments, it can be used to manage Ad LDS sites almost as easily.

Begin the process by opening the Active Directory Sites and Services console. When the console opens, right click on the Active Directory Sites and Services container and select the Change Domain Controller command from the resulting shortcut menu. If you are performing this action from a domain controller then you will see a screen similar to the one that is shown in Figure A, which lists all of the known domain controllers. If you look carefully though, you will notice that the Change To section of the dialog box contains an option labeled This Domain Controller or AD LDS Instance.


Figure A: You will have to use the Active Directory Sites and Services console to create an AD LDS site structure.

At this point, you must select the This Domain Controller or AD LDS Instance option. You will notice that when you do this, nothing changes. The dialog box still displays the same list of domain controllers. However, if you look at the figure above, you will notice that just above the first domain controller is a line that says Type a Directory Server Name [:port] Here. You must click on this line and then type the Fully Qualified Domain Name (FQDN) of your AD LDS server followed by a colon and the port number that has been assigned to the instance that you want to connect to.

As you may recall, when you first created the instance, you were required to provide a name for the instance as well as an LDAP port number and an SSL port number, as shown in Figure B.


Figure B: The AD LDS Setup Wizard required you to assign a port number to the instance.

If you used the default settings then the first instance is named Instance1 and is assigned port number 50000, as shown above. If you create additional instances (and use the default settings) then you can figure out the port number by adding two to the port number for each instance that you create. For example, Instance2 would use a default port number of 50002 and Instance 3 would use 50004.

For right now, we must type the server’s fully qualified domain name (not the instance name), and the port number that has been assigned to the instance that you want to connect to. For example, I installed AD LDS onto a domain controller named Lab-DC2 in a domain named lab.com. Therefore, if I wanted to connect to the default instance (using the default port number), I would type:

Lab-dc2.lab.com:50000

When you click OK, you will see a message similar to the one shown in Figure C, asking you if you want to use a different forest rooted domain. Even though we aren’t technically connecting to an Active Directory domain, go ahead and click Yes. You will now be connected to the AD LDS instance.


Figure C: You must click Yes to connect to the AD LDS instance.

Creating AD LDS Sites

Now that we have connected to the AD LDS instance, it is time to define a site topology. Generally speaking, the site structure that you create should mimic your network topology, with each site link corresponding to a WAN link. If there is high speed (LAN) connectivity between two AD LDS instances then those instances should be placed within a common site.

To create a site, just right click on the Sites container in the Active Directory Sites and Services console, and choose the New Site command from the resulting shortcut menu. When you do, you will be prompted to specify a name for the site that you are creating. You will also be prompted to select a site link for the site to use to connect to other sites, as shown in Figure D. Microsoft provides you with a default site link (which is named DEFAULTSITELINK), but you have the option of creating additional site links if you choose.


Figure D: You must provide Windows with a site name and choose a site link to associate with the site.

When you click OK, the site will be created. However, you will see a message telling you that you have some more work to do. As you can see in Figure E, you must still link the site to some other sites, and associate one or more subnets with the site. The dialog box also tells you that you must install or move one or more domain controllers into the site. However, this message is incorrect. The message is displayed because AD LDS assumes that you are working in an Active Directory environment. Since we are working with AD LDS, domain controllers are not technically required. You must however, move your AD LDS instances into sites.


Figure E: You still have some configuration work to do.

Assigning Subnets

As I explained earlier, each Active Directory site should correspond to a different subnet. To provide AD LDS with the subnet information for you network, expand the Sites container and then right click on the Subnets container and choose the New Subnet option from the shortcut menu.

You must enter a subnet prefix, as shown in Figure F. The Prefix that you enter will also be listed as the Prefix Name in Active Directory Domain Services, but in reality it will be limited to the Configuration Set. Finally, you must choose a site to associate with the IP address prefix, as shown in the figure below.


Figure F: You must assign an IP address prefix to each site.

Moving a Server to a Different Site

By default, each of your AD LDS servers are placed into a site named Default-First-Site-Name. If you are going to be using a multi-site configuration then you will need to move the servers from the default site and into the appropriate site. For example, you saw in the previous figure that I named my sites after various American cities, which represent the geographic locations of the AD LDS servers. Therefore, the next step would be to move my AD LDS instances from the default location and into the site that corresponds with the appropriate city.

To move a server, simply expand the site container and select the Servers container beneath it. Right click on the listing for the server and choose the Move command from the shortcut menu. When you do, you will see a dialog box asking you which site you want to move the instance into, as shown in Figure G. Make your selection and click OK to move the instance.


Figure G: Select the site that you want to move the instance into, and click OK.

Conclusion

In this article, I have shown you how to create AD LDS sites and how to move AD LDS instances into a site. In Part 7, I will conclude the series by showing you how to configure AD LDS replication between the sites that you have created.

If you would like to read the other parts in this article series please go to:

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top