Module 14

Presentation Transcript

  1. Module 14 Implementing and Administering AD LDS

  2. Module Overview
  • Overview of AD LDS
  • Deploying AD LDS
  • Configuring AD LDS Instances and Partitions
  • Configuring AD LDS Replication

  3. Lesson 1: Overview of AD LDS
  • What Is AD LDS?
  • AD LDS Deployment Scenarios
  • Discussion: AD LDS or AD DS?

  4. What Is AD LDS?
  • AD LDS is:
    • An LDAP-based directory service
    • Used for applications
  • AD LDS can be more flexible than AD DS because:
    • You can run multiple instances of AD LDS on a single computer
    • A DNS infrastructure is not required
    • You can modify AD LDS to meet specific application requirements

  5. AD LDS Deployment Scenarios
  • AD LDS is used most commonly in the following usage scenarios:
    • Providing an LDAP-based application directory
    • Providing an extranet authentication store
    • Consolidating identity systems
    • Providing a development environment for AD DS
    • Providing a configuration store for distributed applications
    • Migrating legacy directory-enabled applications

  6. Discussion: AD LDS or AD DS?
  AD LDS or AD DS for:
  • Creating a phone book application?
  • Creating an ordering application?
  • Deploying Exchange Server 2013?
  • Splitting into two separate companies?

  7. Lesson 2: Deploying AD LDS
  • Components of AD LDS
  • Demonstration: Installing the AD LDS Server Role
  • AD LDS Schema
  • Client Connections to AD LDS
  • AD LDS SPNs
  • AD LDS Service Publication

  8. Components of AD LDS
  An AD LDS deployment consists of the following components:
  • Instance
  • Database
  • Partitions
  • Schema

  9. Demonstration: Installing the AD LDS Server Role
  In this demonstration, you will learn how to install the AD LDS server role.

  10. AD LDS Schema
  • An AD LDS schema defines the types of objects and data that can be used by an instance
  • The schema is stored in a configuration set

  11. Client Connections to AD LDS
  To connect to AD LDS, you:
  • Can use LDAP or LDAP over SSL
  • Must use the port numbers assigned to the AD LDS instance
  • Must configure the IP address or DNS name of the AD LDS server
  To secure client connections to AD LDS:
  • Install a digital certificate on the server
  • Configure clients to use LDAP over SSL to connect to the server

  12. AD LDS SPNs

  13. AD LDS Service Publication
  Service publication is the act of sending service information about AD LDS to AD DS, which helps client computers locate information about the AD LDS service. The process steps are:
  1. Publish a service connection point to AD DS (from the domain-joined AD LDS server)
  2. Query AD DS for service connection points
  3. Query DNS for AD LDS
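The two slides above (client connections and service publication) describe a check a practitioner will want to script: bind to an instance over LDAP over SSL with the server certificate actually verified, read the instance's naming contexts, and confirm that the instance's service connection point exists in AD DS. The following PowerShell is an added example, not part of the course materials; the server name LON-SVR1.adatum.com and the SSL port 50001 are assumptions chosen for illustration, and the last step assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example (not from the course): verify an AD LDS instance over LDAPS and
# check its service connection point (SCP) in AD DS.
# Assumed values: server LON-SVR1.adatum.com, SSL port 50001.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server  = 'LON-SVR1.adatum.com'
$sslPort = 50001

# 1. Bind over LDAPS. SecureSocketLayer negotiates TLS before the bind, so the
#    credentials never cross the wire in clear text.
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection("${server}:${sslPort}")
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate

# Fail the connection when the certificate the instance presents does not chain
# to a trusted root, instead of silently accepting whatever is offered.
$conn.SessionOptions.VerifyServerCertificate = {
    param($connection, $certificate)
    $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]$certificate
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $ok = $chain.Build($cert)
    if (-not $ok) {
        Write-Warning ("Certificate check failed for {0}: {1}" -f $cert.Subject,
            (($chain.ChainStatus | ForEach-Object { $_.StatusInformation }) -join '; '))
    }
    return $ok
}

$conn.Bind()

# 2. Read the RootDSE: AD LDS lists the instance's partitions in namingContexts.
$req = New-Object System.DirectoryServices.Protocols.SearchRequest(
    '', '(objectClass=*)', 'Base', @('namingContexts', 'supportedLDAPVersion'))
$resp = $conn.SendRequest($req)
"Partitions served by ${server}:${sslPort}:"
$resp.Entries[0].Attributes['namingContexts'].GetValues([string])
$conn.Dispose()

# 3. Confirm service publication: a domain-joined AD LDS server registers a
#    serviceConnectionPoint object under its own computer object in AD DS.
Import-Module ActiveDirectory
$computerDn = (Get-ADComputer -Identity 'LON-SVR1').DistinguishedName
Get-ADObject -SearchBase $computerDn -LDAPFilter '(objectClass=serviceConnectionPoint)' `
    -Properties serviceBindingInformation, keywords |
    Select-Object Name, serviceBindingInformation, keywords
```

If the bind in step 1 fails with a certificate warning, the fix is on the server side (install a certificate that clients trust, as the slide says), not to relax the callback. If step 3 returns nothing, the instance is not published and clients will have to be given the host name and port explicitly.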

  14. Lesson 3: Configuring AD LDS Instances and Partitions
  • What Is an AD LDS Instance?
  • Demonstration: Creating AD LDS Instances
  • AD LDS Authentication and Authorization
  • How Access Control Works in AD LDS
  • Demonstration: Creating a User in AD LDS
  • What Is an AD LDS Partition?

  15. What Is an AD LDS Instance?
  [Diagram: one AD LDS server hosting Instance 1 (data files in D:\App1, one partition, its own schema, administered by Admin 1) and Instance 2 (data files in D:\App2, several partitions, its own schema, administered by Admin 2)]

  16. Demonstration: Creating AD LDS Instances
  In this demonstration, you will learn how to create an AD LDS instance on one server.

  17. AD LDS Authentication and Authorization
  [Diagram: Internet or Partner Network -> Web Server (Perimeter network) -> Application Server -> AD LDS Server; the AD LDS server in turn relies on AD DS in the Internal Network for authentication]

  18. How Access Control Works in AD LDS
  • Access control is used to limit the information that users can access in AD LDS partitions
  • AD LDS provides access control that:
    • Authenticates the identity of all users
    • Uses ACLs to determine if users have permissions to access specific objects
  • AD LDS uses access control to restrict access to AD LDS data

  19. Demonstration: Creating a User in AD LDS
  In this demonstration, you will learn how to create a user account in AD LDS.

  20. What Is an AD LDS Partition?
  • An AD LDS application partition holds the data that is used by an application
  • A single AD LDS instance:
    • Multiple application directory partitions can be created in each AD LDS instance. However, each partition shares a single schema
  [Diagram: a single AD LDS instance containing Application Partition 1, the Configuration Partition and the Schema Partition]
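Slides 15 through 20 walk through one procedure: create an instance with its own ports and data path, create an application partition in it, create a user, and control what that user can read. The script below is an added example, not the course's demonstration; it uses the unattended answer-file format of adaminstall.exe, and the instance name App1, ports 50000/50001, the partition DN CN=App1,DC=Adatum,DC=com, the D:\App1 paths, the Adatum\LDSAdmins group and the user name App1Reader are all assumptions chosen for illustration.

```powershell
# Added example (not from the course): install AD LDS, create an instance with an
# application partition, then create a user and grant it read access through the
# partition's built-in Readers role. All names, ports and paths are assumed values.
Install-WindowsFeature ADLDS -IncludeManagementTools

# 1. Unattended instance creation. Explicit ports keep the instance from colliding
#    with anything else on the host; MS-User.LDF supplies the user class used below.
$answerFile = @"
[ADAMInstall]
InstallType=Unique
InstanceName=App1
LocalLDAPPortToListenOn=50000
LocalSSLPortToListenOn=50001
NewApplicationPartitionToCreate="CN=App1,DC=Adatum,DC=com"
DataFilesPath=D:\App1\Data
LogFilesPath=D:\App1\Logs
Administrator=Adatum\LDSAdmins
ImportLDIFFiles="MS-User.LDF" "MS-UserProxy.LDF"
"@
New-Item -ItemType Directory -Path C:\Temp -Force | Out-Null
Set-Content -Path C:\Temp\App1.txt -Value $answerFile -Encoding ASCII
& "$env:SystemRoot\ADAM\adaminstall.exe" /answer:C:\Temp\App1.txt

# Each instance runs as its own Windows service named ADAM_<InstanceName>.
Get-Service -Name 'ADAM_App1'

# 2. Create the user inside the application partition and add it to the Readers
#    role; membership in that role is what the ACLs on the partition evaluate.
$ldif = @"
dn: CN=App1Reader,CN=App1,DC=Adatum,DC=com
changetype: add
objectClass: user
cn: App1Reader
displayName: App1 read-only account

dn: CN=Readers,CN=Roles,CN=App1,DC=Adatum,DC=com
changetype: modify
add: member
member: CN=App1Reader,CN=App1,DC=Adatum,DC=com
-
"@
Set-Content -Path C:\Temp\App1Reader.ldf -Value $ldif -Encoding ASCII
ldifde.exe -i -k -f C:\Temp\App1Reader.ldf -s localhost -t 50000

# 3. AD LDS creates users disabled and only accepts password changes over a
#    secure channel, so set the password through an SSL bind on port 50001
#    and then enable the account.
$initialPassword = Read-Host -Prompt 'Initial password for App1Reader'
$authFlags = [System.DirectoryServices.AuthenticationTypes]::Secure -bor
             [System.DirectoryServices.AuthenticationTypes]::SecureSocketsLayer
$user = New-Object System.DirectoryServices.DirectoryEntry(
    'LDAP://localhost:50001/CN=App1Reader,CN=App1,DC=Adatum,DC=com', $null, $null, $authFlags)
$user.Invoke('SetPassword', $initialPassword)
$user.Put('msDS-UserAccountDisabled', $false)
$user.SetInfo()
```

Step 3 is where the "LDAP over SSL" guidance from Lesson 2 becomes mandatory rather than advisory: without a server certificate the SSL bind fails and the account stays unusable, which is the safe default.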

  21. Lesson 4: Configuring AD LDS Replication
  • Why Implement AD LDS Replication?
  • How AD LDS Replication Works
  • What Is a Configuration Set?
  • AD LDS Replication Topology
  • Demonstration: Configuring AD LDS Replication

  22. Why Implement AD LDS Replication?
  AD LDS replication:
  • Enables multiple copies of an AD LDS instance to be stored on different servers
  • Provides high availability for critical applications
  • Provides load balancing
  • Enables geographically distributed applications

  23. How AD LDS Replication Works
  • AD LDS uses multimaster replication, which means that:
    • All instances are writable
    • Changes on one instance are replicated to other instances
  [Diagram: Server 1, Server 2 and Server 3 replicate changes to all servers; an administrator updates User 2 on Server 1 at 9:25 P.M. and updates User 2 on Server 2 at 9:26 P.M.]

  24. What Is a Configuration Set?
  [Diagram: two configuration sets (Configuration Set 1 and Configuration Set 2) spread across ADLDS-SRV 1, ADLDS-SRV 2 and ADLDS-SRV 3. Every instance holds its own Configuration Partition and Schema Partition; application partitions App 1 to App 4 are distributed across the instances, with App 2 and App 3 each present on more than one instance; Instance B and Instance C both run on ADLDS-SRV 2]

  25. AD LDS Replication Topology
  [Diagram: Site 1, Site 2 and Site 3, with one site link marked "After-hours replication only"]
  • The KCC maintains the replication topology in a configuration set
  • Active Directory Sites and Services can be used to manage
  • The ISTG builds and maintains connections between partners
  • The replication topology is stored in the configuration partition

  26. Demonstration: Configuring AD LDS Replication
  • In this demonstration, you will learn how to:
    • Create an AD LDS replica
    • Verify AD LDS replication
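Slides 23 and 26 describe multimaster replication and then ask you to create a replica and verify it. The script below is an added example of that procedure, not the course's demonstration: it joins a second server to an existing configuration set using the replica form of the adaminstall.exe answer file, then verifies replication both with repadmin and with an end-to-end write on one server read back on the other. The server names LON-SVR1/LON-SVR2, the instance name App1, the ports 50000/50001 and the partition DN CN=App1,DC=Adatum,DC=com are assumptions chosen for illustration.

```powershell
# Added example (not from the course): run on LON-SVR2 to create a replica of the
# App1 instance hosted on LON-SVR1, then verify replication. All names, ports and
# the partition DN are assumed values.
$source      = 'LON-SVR1.adatum.com'
$replica     = 'LON-SVR2.adatum.com'
$port        = 50000
$partitionDn = 'CN=App1,DC=Adatum,DC=com'

Install-WindowsFeature ADLDS -IncludeManagementTools

# 1. Replica install: same instance name and ports as the source, and the list of
#    application partitions this server should hold a writable copy of.
$answerFile = @"
[ADAMInstall]
InstallType=Replica
InstanceName=App1
LocalLDAPPortToListenOn=$port
LocalSSLPortToListenOn=50001
DataFilesPath=D:\App1\Data
LogFilesPath=D:\App1\Logs
SourceServer=$source
SourceLDAPPort=$port
ApplicationPartitionsToReplicate="$partitionDn"
"@
New-Item -ItemType Directory -Path C:\Temp -Force | Out-Null
Set-Content -Path C:\Temp\App1-Replica.txt -Value $answerFile -Encoding ASCII
& "$env:SystemRoot\ADAM\adaminstall.exe" /answer:C:\Temp\App1-Replica.txt

# 2. repadmin accepts server:port for AD LDS instances. showrepl lists the inbound
#    partners and the last replication result per partition; a non-zero status
#    or a stale "last attempt" time is the first thing to look at.
repadmin.exe /showrepl "${replica}:${port}"
repadmin.exe /replsummary "${replica}:${port}"

# 3. End-to-end check of the multimaster behaviour from slide 23: write on the
#    source, force a sync, read the same attribute on the replica.
$stamp = "replication check $(Get-Date -Format s)"
$ldif = @"
dn: $partitionDn
changetype: modify
replace: description
description: $stamp
-
"@
Set-Content -Path C:\Temp\stamp.ldf -Value $ldif -Encoding ASCII
ldifde.exe -i -f C:\Temp\stamp.ldf -s $source -t $port

repadmin.exe /syncall "${replica}:${port}" $partitionDn

$entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://${replica}:${port}/$partitionDn")
if ($entry.Properties['description'].Value -eq $stamp) {
    "Replication verified: '$stamp' is visible on $replica"
} else {
    Write-Warning "Replication not yet converged on ${replica}; description is '$($entry.Properties['description'].Value)'"
}
```

Because every instance in the configuration set is writable, the same check can be run in the other direction (write on LON-SVR2, read on LON-SVR1); a site link restricted to after-hours replication, as on slide 25, will show up here as a stale description until the schedule window opens.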

  27. Lab: Implementing and Administering AD LDS
  • Exercise 1: Configuring AD LDS Instances and Partitions
  • Exercise 2: Configuring AD LDS Replication
  Logon Information:
  • Virtual machines: 10969A-LON-DC1, 10969A-LON-SVR1
  • User name: Adatum\Administrator
  • Password: Pa$$w0rd
  Estimated Time: 60 minutes

  28. Lab Scenario
  A. Datum Corporation is now implementing a number of new line-of-business (LOB) applications that users in various regions will use. In addition to London, A. Datum has users in Toronto, Canada and Sydney, Australia. Users in these locations will access the new LOB applications. These applications have some specific schema requirements, so they will use AD LDS for authentication and authorization. You must deploy and configure AD LDS to support these new LOB applications.

  29. Lab Review
  • In the lab, when you deployed AD LDS to LON-SVR1, what was the default port number? Why was this different from LON-DC1?
  • What are the options for high availability for AD LDS?
  • Do the instances that are part of the same configuration set run on the same computer or on separate computers?

  30. Module Review and Takeaways • Review Questions

  31. Course Evaluation
