Install Active Directory Lightweight Directory Service (AD LDS)

Install and configure Active Directory Lightweight Directory Service (AD LDS) to use it as a user registry with ISAM.

Steps

1. Log on to the system using an account that belongs to the local Administrators group. Use the Active Directory Lightweight Directory Service Setup Wizard to configure your AD LDS instance.
2. When we create an AD LDS instance, specify an AD LDS instance name used to uniquely identify the instance and name the AD LDS service.

3. Ports used for both non-SSL and SSL connection types in the AD LDS instance. Make note of the port numbers we specify because they must be entered when we configure IBM Security Verify Access.

4. On the Application Directory Partition pane of the Active Directory Lightweight Directory Service Setup Wizard, create an application directory partition to contain the user and group definitions that we use.

   Below the directory partition, we can create other Directory Information Tree (DIT) entries as needed.

5. On the File Locations pane, specify the directories used to store the files that are associated with this instance.

6. On the Service Account Select pane, select the account used to assign permissions to this instance.

7. On the AD LDS Administrators pane, select the account that has administrative control of this instance.

8. On the Importing LDIF Files pane of the Active Directory Lightweight Directory Service Setup Wizard, import the following LDIF files to update the schema used by this instance of AD LDS:
   • MS-InetOrgPerson.LDF
   • MS-User.LDF
   • MS-UserProxy.LDF

9. When you finish installing AD LDS, ensure the installation completed successfully and did not contain any errors. adamsetup.log and adamsetup_loader.log contain information that can help us troubleshoot AD LDS setup failure.

Parent topic: Microsoft Active Directory Lightweight Directory Service (AD LDS) installation