Management domain location for an Active Directory Lightweight Directory Service (AD LDS) registry

If Active Directory Lightweight Directory Service (AD LDS) is being used as the LDAP registry, we must choose a location DN within the same directory partition where we want to store user and group information.

AD LDS has a restriction the policy server must exist in the same directory partition in which user and group information is maintained. The policy server cannot maintain user and group information outside the directory partition in which the policy server itself is defined.

Parent topic: Security Verify Access management domains