Microsoft Active Directory Lightweight Directory Service (AD LDS) installation and configuration
We must prepare the AD LDS server for use with ISAM.
Before you install Microsoft Active Directory Lightweight Directory Service, read Installing and configuring Active Directory Lightweight Directory Service (AD LDS), which provides a summary of important Security Verify Access considerations and requirements when you configure AD LDS.
For complete download and installation instructions, see the AD LDS documentation provided by Microsoft Corporation.
- Installing and configuring Active Directory Lightweight Directory Service (AD LDS)
  Install and configure Active Directory Lightweight Directory Service (AD LDS) to use it as a user registry with ISAM.
- Installing Security Verify Access with support for Active Directory Lightweight Directory Service (AD LDS)
  To use AD LDS with ISAM, we must copy the tam-adamschema.ldf file to the AD LDS server. This file can be obtained from the File Downloads section of the appliance in the ISAM folder.
- Configure the ISAM schema
  Security Verify Access defines its own set of LDAP entry types and attributes that it uses to track user, group, and policy information. Add the ISAM schema extensions so that Active Directory Lightweight Directory Service support is enabled.
- Management domain data location
  The user registry creates and stores metadata that tracks information about the ISAM management domain. We must specify the location for the metadata storage.
- Configure an ISAM directory partition
  By default, Security Verify Access maintains metadata information in a specific Active Directory Lightweight Directory Service (AD LDS) directory partition that is also known as a naming context or suffix. This default Security Verify Access metadata directory partition is called secAuthority=Default. To create the default Security Verify Access metadata directory partition, use the AD LDS administration tool ldp.exe.
- Add an administrator to the ISAM metadata directory partition
  After adding an ISAM schema to the Active Directory Lightweight Directory Service (AD LDS) instance and specifying the ISAM metadata directory location, add an AD LDS user administrator for the ISAM metadata directory partition.
- Allowing anonymous bind
  In order for ISAM to be configured with Active Directory Lightweight Directory Service (AD LDS), AD LDS must be configured to allow anonymous bind.
- Configure Active Directory Lightweight Directory Service (AD LDS) to use SSL
  Enable SSL to secure communication between the Active Directory Lightweight Directory Service and the ISAM components.