Active Directory Lightweight Directory Services on VMware


What is AD LDS?

AD LDS is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the dependencies that are required for Active Directory Domain Services (AD DS). AD LDS provides much of the same functionality as AD DS, but it does not require the deployment of domains or domain controllers. You can run multiple instances of AD LDS concurrently on a single computer, with an independently managed schema for each AD LDS instance.

AD DS provides directory services for both the Microsoft® Windows Server server operating system and for directory-enabled applications. For the server operating system, AD DS stores critical information about the network infrastructure, users and groups, network services, and so on. In this role, AD DS must adhere to a single schema throughout an entire forest.

The AD LDS server role, on the other hand, provides directory services specifically for directory-enabled applications. AD LDS does not require or rely on Active Directory domains or forests. However, in environments where AD DS exists, AD LDS can use AD DS for the authentication of Windows security principals.

How does AD LDS apply to applications?

AD LDS can store “private” directory data, which is relevant only to the application, in a local directory service—possibly on the same server as the application—without requiring any additional configuration to the server operating system directory. This data, which is relevant only to the application and which does not have to be widely replicated, is stored solely in the AD LDS directory that is associated with the application. This solution reduces replication traffic on the network between domain controllers that serve the server operating system directory. However, if necessary you can configure this data to be replicated between multiple AD LDS instances.

VMware Considerations

With the introduction of vSphere 4.x, vCenter 4.x started using

  • Active Directory Application Mode (ADAM) on Windows Server 2003
  • Active Directory Lightweight Directory Services (AD LDS) on Windows Server 2008

This Mode/Service accommodates information relating to

  • Linked Mode
  • Licensing
  • Roles
  • Permissions for vCenter
  • Inventory Service

The roles and permissions are stored in the ADAM or AD LDS database, which is called VMwareVCMSDS. In order to restore the roles and permissions, the ADAM or AD LDS database must be backed up. This data is regularly backed up every 5 minutes to the vCenter Server database in the VPX_BINARY_DATA table.

vCenter Visibility

  • Control Panel


  • VMwareVCMSDS Service


It is not recommended to uninstall this service unless you have a backup of the vCenter Server and vCenter Server Database Server!
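The following PowerShell script is an added example, not part of the original post or any VMware tooling. It does the pre-change check an administrator would want before touching the service above: it confirms the VMwareVCMSDS service is present and running on the vCenter Server host, then takes an Install-From-Media (IFM) backup of that AD LDS instance with dsdbutil, the backup tool that ships with the AD LDS role. The backup directory path is an assumed value; the instance name comes from the post.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the vCenter Server host before any uninstall or change to the
# VMwareVCMSDS instance. Takes an IFM backup of the AD LDS instance with dsdbutil.

param(
    # Instance/service name as named in the post.
    [string]$InstanceName = 'VMwareVCMSDS',
    # Assumed destination root; use a path without spaces so dsdbutil parses it cleanly.
    [string]$BackupRoot   = 'C:\Backups\VMwareVCMSDS'
)

$ErrorActionPreference = 'Stop'

# 1. Confirm the AD LDS service that vCenter depends on exists and is running.
$svc = Get-Service -Name $InstanceName -ErrorAction SilentlyContinue
if (-not $svc) {
    throw "Service '$InstanceName' not found; this host may not be running vCenter Server."
}
Write-Host ("{0}: {1}" -f $svc.Name, $svc.Status)
if ($svc.Status -ne 'Running') {
    throw "Service '$InstanceName' is not running; start it before taking an IFM backup."
}

# 2. Build a timestamped target path. Only the parent is created here, because
#    dsdbutil's 'create full' expects the target folder itself to be new or empty.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$target = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $BackupRoot -Force | Out-Null

# 3. Take the IFM backup. Each dsdbutil command is passed as one argument:
#    activate the instance, enter the ifm menu, create the full backup,
#    leave the ifm menu, then exit the tool.
& dsdbutil.exe "activate instance $InstanceName" 'ifm' "create full $target" 'quit' 'quit'
if ($LASTEXITCODE -ne 0) {
    throw "dsdbutil exited with code $LASTEXITCODE; backup was not created."
}

# 4. List what was captured so the operator can verify the backup before proceeding.
Get-ChildItem -Path $target -Recurse -File |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize
```

This complements, rather than replaces, the 5-minute copy vCenter writes to VPX_BINARY_DATA: the IFM backup is an offline copy of the instance that does not depend on the vCenter Server database being intact.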
