Microsoft's official enterprise support blog for AD DS and more
Hi, Russell here. When installing Active Directory Lightweight Domain Services (AD LDS) instances, it is quite possible to paint oneself into a corner rather quickly. That’s because LDS comes with minimal schema definitions. To truly make LDS useful to your applications, one must have an understanding of how best to take advantage of the included schema definition files.
When performing an LDS installation using the AD LDS Setup Wizard, you are offered several schema options:
When performing an installation using ADAM SP1, the following schema options are presented:
So how do you know which LDF files to select? Well seriously, it all depends upon your intentions, and I’m not talking about whether or not you want to ask our resident Elf out on a date.
Ideally, schema definition requirements should be defined by your application developers. But as an AD or server administrator, it will greatly benefit you to assist in the decision-making process, because the choices made during install are permanent. So what to pick?
Let’s start with definitions of the basic LDF files included in ADAM SP1:
I leaned on the word “implementation” in a couple of those definitions. That’s because whenever we discuss Internet RFCs, there is much that’s open to interpretation due to the use of the words “should,” “may,” “shall,” etc. as defined in “Key words for use in RFCs to Indicate Requirement Levels.” I also pointed out that UserProxy.ldf is one of two LDF files required to use ADAM/LDS for Bind Redirection to Active Directory. That’s because MS-ADAMSyncMetadata.ldf is missing from the ADAM SP1 Setup Wizard. (So is UserProxyFull.) Windows Server 2008 and Windows Server 2008 R2 include these additional schema definitions as part of the Setup Wizard:
What? Hidden from the installation wizard, you say? How can that be? Easy: there are actually several optional schema mods contained within the Windows\ADAM installation directory. The LDF files are coded with “@@UI-Description: @@excludeFromList” to keep them out of the Setup Wizard GUI. In Windows Server 2008 R2, there are four other LDF files hidden from view:
These are actually some of the best files available. It is a shame they are hidden from view:
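To see which schema files a given directory holds and which of them carry the exclusion marker described above, the following added example (not part of the original post) reads each .ldf file and classifies it by its `@@UI-Description:` line. The function name `Get-LdfWizardVisibility` and the sample files are hypothetical and constructed for illustration; the only assumption about the file format is that the marker appears on a line in the file, as quoted above.

```powershell
# Added example: classify schema LDF files by their @@UI-Description marker.
# Requires PowerShell 3.0 or later. Function name is hypothetical.
function Get-LdfWizardVisibility {
    param(
        [Parameter(Mandatory)]
        [string]$Path   # directory holding the .ldf files (e.g. the ADAM install directory)
    )
    Get-ChildItem -LiteralPath $Path -Filter *.ldf -File | ForEach-Object {
        # First line carrying the marker; the text after the colon is the description.
        $hit = Select-String -LiteralPath $_.FullName -Pattern '@@UI-Description:\s*(.*)$' |
               Select-Object -First 1
        $description = if ($hit) { $hit.Matches[0].Groups[1].Value.Trim() } else { $null }
        $visibility =
            if (-not $hit) { 'NoMarker' }                                  # no UI marker at all
            elseif ($description -match '@@excludeFromList') { 'HiddenFromWizard' }
            else { 'ShownInWizard' }
        [pscustomobject]@{
            File        = $_.Name
            Visibility  = $visibility
            Description = $description
        }
    }
}

# Constructed sample files (names, comment prefix and contents are made up)
# so the function can be run without an AD LDS installation.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) ("ldf-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $sample | Out-Null
Set-Content -Path (Join-Path $sample 'Sample-Shown.ldf')  -Value '# @@UI-Description: Constructed sample description.'
Set-Content -Path (Join-Path $sample 'Sample-Hidden.ldf') -Value '# @@UI-Description: @@excludeFromList'
Set-Content -Path (Join-Path $sample 'Sample-Plain.ldf')  -Value 'dn: CN=Constructed,CN=Schema,CN=Configuration,DC=X'

Get-LdfWizardVisibility -Path $sample | Format-Table -AutoSize

# Clean up the constructed sample directory.
Remove-Item -LiteralPath $sample -Recurse -Force
```

On a real server, pass the directory that holds the LDF files as `-Path` instead of the sample directory; because schema choices made at install time are permanent, reviewing this inventory before running setup shows every option, not just the ones the wizard lists.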
Now why would you need this enticing new feature in 2008 R2, such as the Recycle Bin? Uh, I don’t know, perhaps you like to see your users disappear with no way to recover? (No system state backup, no recycle bin to catch mistakes.) I work nights; I see many disaster recoveries, not just for AD LDS, but for AD too. This nifty feature can save you time and money – and most importantly – your job. Until next time.
-Russell “Rusty aka R2 aka Spaniard” Despain