You're reading from Mastering Active Directory, Third Edition

Product type: Book
Published in: Nov 2021
Publisher: Packt
ISBN-13: 9781801070393
Edition: 3rd Edition
Author: Dishan Francis

Dishan Francis is an IT professional with over 15 years of experience. He was a six-time Microsoft MVP in enterprise mobility before he joined Microsoft UK as a security consultant. He has maintained the RebelAdmin technology blog over the years, with lots of useful articles that focus on on-premises Active Directory services and Azure Active Directory. He has also written for other Microsoft-managed blogs such as canitpro and ITopsTalk. When it comes to managing innovative identity infrastructure solutions to improve system stability, efficiency, and security, his level of knowledge and experience places him among the very best in the field.

Active Directory Services – Part 01

With this chapter, we are moving into the third section of this book, which focuses on the Active Directory (AD) server roles. There are five main AD server roles:

  • Active Directory Domain Services (AD DS)
  • Active Directory Lightweight Directory Services (AD LDS)
  • Active Directory Federation Services (AD FS)
  • Active Directory Rights Management Services (AD RMS)
  • Active Directory Certificate Services (AD CS)

We have already looked into many AD components, features, and capabilities, but we are not quite done yet. AD services are attached to many different components, such as Domain Name System (DNS), Distributed File System Replication (DFSR), and group policies. To maintain a healthy AD environment, we need to manage each of these components properly and make sure they do what they are supposed to do. However, in some scenarios, IT professionals and software developers are only interested in AD authentication...

Overview of AD LDS

When we talk about AD, we refer to it as a single service; however, AD DS is a collection of many other components such as DNS, group policies, SYSVOL folder replication, and so on. Each of these components needs to operate well in order to run a healthy AD environment. Managing these components isn't easy; it requires investments in resources, time, and skills. It is not just about service uptime and performance; security also plays a crucial role in this. The failure or compromise of these components/services can have a potential impact on the entire AD infrastructure.

Microsoft Windows Core also counts as an operating system. It doesn't have fancy GUIs or lots of applications running, but it still does the job of an operating system. It allows users to build systems from scratch according to their requirements. This also increases server uptime (fewer updates), reliability, performance, and security. Soon after Microsoft released the first AD version, IT...

Where to use LDS

If we are already using AD DS, the obvious question is why we would need AD LDS at all. In the following section, we will look at several scenarios where we can use LDS.

Application development

This is the area that has benefited most from AD LDS capabilities. Application development involves lots of research and testing. If these applications are AD-integrated, it is obvious that they need to be developed and tested within an AD environment. During the development process, you may be required to build many test environments. If they're full-blown AD DS instances, it will take resources, time, and effort to deploy and maintain them. AD LDS allows you to run multiple instances of it within the same environment, independently. Each instance will have its own schema, and engineers can maintain the instance for each application test environment. Even if it looks like a cut-down version, it provides the same AD DS authentication and management capabilities, allowing...

The LDS installation

In the Windows Server 2022 operating system, LDS can be installed using Server Manager. In order to install LDS, a user needs to log in to the selected systems with local administrator privileges.

Once logged in, launch Server Manager and click on Add Roles and Features. Then, follow the wizard, select Active Directory Lightweight Directory Services under Server Roles, and proceed:

Figure 11.1: AD LDS role

Once the role is installed, click on the Post-Deployment Configuration wizard in Server Manager. LDS can be set up in two ways: one is by creating a unique instance and the other is by creating a replica of an existing instance. The replica option is similar to working from a cloned copy of an existing instance.

This is useful, especially in an application development environment where engineers need to maintain a number of application versions:

Figure 11.2: AD LDS instance type

In the next window, we can define the name and description...
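The same role installation and instance creation can be scripted instead of clicked through. The following PowerShell is an added example and is not part of the book or of Microsoft's documentation: the instance name, ports, application partition, file paths, and administrator group are placeholder assumptions, and the answer-file keys follow the adaminstall.exe unattended-install format, which should be checked against the current Microsoft reference before use.

```powershell
# Added example (not from the book): unattended AD LDS role + unique-instance install.
# Run as a local administrator on the target server. All values below are placeholders.
# Answer-file keys are assumed to match the adaminstall.exe unattended format; verify.

# 1. Install the role (the scripted equivalent of Figure 11.1)
Install-WindowsFeature -Name ADLDS -IncludeManagementTools

# 2. Describe the unique instance (the "unique instance" option of Figure 11.2).
#    Non-default ports keep the instance from colliding with AD DS (389/636) and let
#    several independent instances coexist on one box, each with its own schema.
$instance = 'AppDevTest01'                                   # placeholder
$answer = @"
[ADAMInstall]
InstallType=Unique
InstanceName=$instance
LocalLDAPPortToListenOn=50000
LocalSSLPortToListenOn=50001
NewApplicationPartitionToCreate=CN=AppDevTest,DC=example,DC=com
DataFilesPath=C:\ADLDS\$instance\data
LogFilesPath=C:\ADLDS\$instance\logs
ServiceAccount=NT AUTHORITY\NETWORK SERVICE
Administrator=EXAMPLE\adlds-admins
ImportLDIFFiles="MS-User.LDF" "MS-InetOrgPerson.LDF"
"@

# 3. Write the answer file, run the installer, and remove the file afterwards
#    (answer files can carry service-account credentials; never leave them on disk).
$answerPath = Join-Path $env:TEMP "adlds-$instance.txt"
Set-Content -Path $answerPath -Value $answer -Encoding ASCII
try {
    & "$env:windir\ADAM\adaminstall.exe" /answer:$answerPath
    if ($LASTEXITCODE -ne 0) { throw "adaminstall.exe exited with code $LASTEXITCODE" }
}
finally {
    Remove-Item -Path $answerPath -ErrorAction SilentlyContinue
}

# 4. Verify: each instance runs as the service ADAM_<InstanceName>, and only the
#    ports we asked for should be listening.
Get-Service -Name "ADAM_$instance" | Select-Object Name, Status, StartType
Get-NetTCPConnection -State Listen -LocalPort 50000, 50001 |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

For a second application test environment, change only `InstanceName`, the two ports, the partition name, and the paths; each instance keeps its own directory, schema, and service. The same answer file drives the replica path of Figure 11.2 when `InstallType` is set to `Replica`, with the source instance supplied in the keys the reference documents for that mode. Using a low-privilege service account (here Network Service) and a dedicated administrators group, rather than the installing user's own account, is the least-privilege choice for a development instance.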

AD replication

Healthy replication is a must for an AD environment. AD uses a multi-master database, so every domain controller in the environment should be aware of every change in an AD database. As well as this, domain controllers should also know about changes in group policies, startup scripts, preference settings, and more. When it comes to replication, it is not only the replication service that is responsible for it. There should be stable network connectivity between domain controllers. This communication media can be copper cables, fiber cables, or even a Software-Defined Network (SDN). In this section, we are going to look at how we can use the AD-integrated features to maintain healthy replication.

FRS versus DFSR

Windows Server 2000 and 2003 use FRS to replicate the SYSVOL folder content between domain controllers. With Windows Server 2008, FRS was deprecated and Microsoft introduced DFSR for SYSVOL folder replication:

...
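The replication health described in this section can be checked from any management host with the AD PowerShell module. The following script is an added example and is not from the book or from Microsoft; the staleness threshold is an assumption to be aligned with the slowest site-link schedule, and `dfsrmig.exe` must be run on (or against) a domain controller.

```powershell
# Added example (not from the book): inbound replication status for every domain
# controller, plus which engine (FRS or DFSR) currently replicates SYSVOL.
# Assumes the RSAT ActiveDirectory module and rights to query each DC.
Import-Module ActiveDirectory

$maxAgeHours = 3   # assumed threshold; tune to the longest site-link interval

function Get-ReplicationReport {
    param([int]$MaxAgeHours = $maxAgeHours)
    foreach ($dc in Get-ADDomainController -Filter *) {
        $meta = Get-ADReplicationPartnerMetadata -Target $dc.HostName -PartnerType Inbound
        foreach ($m in $meta) {
            # Partner is the NTDS Settings DN: CN=NTDS Settings,CN=<DC>,CN=Servers,...
            $partnerName = ($m.Partner -split ',')[1] -replace '^CN=', ''
            $age   = (Get-Date) - $m.LastReplicationSuccess
            $stale = $age.TotalHours -gt $MaxAgeHours
            $status = if ($m.ConsecutiveReplicationFailures -gt 0 -or $stale) { 'WARN' } else { 'OK' }
            [pscustomobject]@{
                DC          = $dc.HostName
                Partner     = $partnerName
                Partition   = $m.Partition
                LastSuccess = $m.LastReplicationSuccess
                Failures    = $m.ConsecutiveReplicationFailures
                LastResult  = $m.LastReplicationResult   # 0 means the last attempt succeeded
                Status      = $status
            }
        }
    }
}

Get-ReplicationReport | Sort-Object Status -Descending | Format-Table -AutoSize

# Anything the KCC/replication engine has logged as an outright failure
Get-ADReplicationFailure -Target (Get-ADDomainController -Filter *).HostName |
    Select-Object Server, Partner, FailureType, FailureCount, FirstFailureTime, LastError |
    Format-Table -AutoSize

# SYSVOL engine: the DFSR migration global state 'Eliminated' means FRS is fully retired.
$sysvolState = (& dfsrmig.exe /getglobalstate) -join ' '
Write-Host "SYSVOL: $sysvolState"
if ($sysvolState -notmatch 'Eliminated') {
    Write-Warning 'SYSVOL still depends on FRS; plan the migration to DFSR.'
}
```

A WARN row with a non-zero failure count points at the replication service or permissions; a WARN row with zero failures but an old LastSuccess usually points at the link or schedule between the two sites rather than at the domain controllers themselves, which is why the network side of replication matters as much as the service.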

Sites

Sites can be explained as physical locations that contain various AD objects. We should be able to describe these objects using their boundaries. As an example, users, computers, and network devices located in an office location in London can be treated as a site, and these can be identified as unique from similar objects located in the Seattle office. The AD site topology can be divided into four different designs:

  • Single domain-single site: This is the most common setup for small- and medium-sized businesses. In this setup, there is one site and one domain. When we set up the first domain controller in the infrastructure, it is set up as a single domain-single site by default. This is easy to maintain.
  • Single domain-multiple sites: In this setup, the infrastructure has only one domain, and it's extended to multiple sites. These sites can be different buildings on the same campus or different geographical locations. Sites are interconnected using physical...
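Whichever of the four designs applies, the site, subnet, and site-link objects should describe the real network. The following PowerShell is an added example and is not part of the book or of Microsoft's tooling; it lists the topology and then checks that each domain controller's IPv4 address is covered by a subnet assigned to the site the controller belongs to, which is the mapping clients rely on to find a nearby domain controller. The CIDR matcher is a hypothetical helper written for this example and handles IPv4 only.

```powershell
# Added example (not from the book): site topology review.
# Lists sites with their subnets and site links, then flags domain controllers whose
# IPv4 address is not inside any subnet assigned to their own site.
Import-Module ActiveDirectory

# Hypothetical helper: does $Ip fall inside the IPv4 CIDR block $Cidr (e.g. 10.1.0.0/16)?
function Test-IPv4InCidr {
    param([string]$Ip, [string]$Cidr)
    $net, $bits = $Cidr -split '/'
    if (-not $bits) { return $false }
    $ipBytes   = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    $netBytes  = [System.Net.IPAddress]::Parse($net).GetAddressBytes()
    $remaining = [int]$bits
    for ($i = 0; $i -lt 4; $i++) {
        $take = [Math]::Min(8, [Math]::Max(0, $remaining))
        $mask = if ($take -eq 0) { 0 } else { (0xFF -shl (8 - $take)) -band 0xFF }
        if (($ipBytes[$i] -band $mask) -ne ($netBytes[$i] -band $mask)) { return $false }
        $remaining -= 8
    }
    return $true
}

# Subnet and site-link objects reference sites by DN; reduce a DN to the site name.
function Get-SiteName([string]$Dn) {
    if (-not $Dn) { return '(unassigned)' }
    return (($Dn -split ',')[0] -replace '^CN=', '')
}

$subnets = Get-ADReplicationSubnet -Filter * | Where-Object { $_.Name -notmatch ':' }  # IPv4 only

"== Sites and their subnets =="
Get-ADReplicationSite -Filter * | ForEach-Object {
    $siteDn = $_.DistinguishedName
    $names  = ($subnets | Where-Object { $_.Site -eq $siteDn }).Name -join ', '
    "{0,-20} {1}" -f $_.Name, $names
}

"== Site links (cost and interval drive the inter-site schedule) =="
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes,
        @{ n = 'Sites'; e = { ($_.SitesIncluded | ForEach-Object { Get-SiteName $_ }) -join ' <-> ' } } |
    Format-Table -AutoSize

"== Domain controllers vs. subnet coverage =="
foreach ($dc in Get-ADDomainController -Filter *) {
    $covering      = $subnets | Where-Object { Test-IPv4InCidr -Ip $dc.IPv4Address -Cidr $_.Name }
    $coveringSites = $covering | ForEach-Object { Get-SiteName $_.Site } | Select-Object -Unique
    $ok = $coveringSites -contains $dc.Site
    "{0,-28} {1,-15} site={2,-14} covered-by={3,-14} {4}" -f $dc.HostName, $dc.IPv4Address,
        $dc.Site, ($coveringSites -join ','), $(if ($ok) { 'OK' } else { 'CHECK' })
}
```

A `CHECK` line means either a missing subnet object or a domain controller that has been moved between sites without its address changing; both cause clients and replication partners to be steered across the wrong link, so they are worth resolving before tuning site-link costs.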

Summary

We started the chapter by looking into AD LDS and its capabilities. Then, we moved on to AD replication. In that section, we focused on the physical and logical components involved in AD replication and how they can be used to optimize complex replication requirements. More importantly, we also looked into how AD replication happens behind the scenes.
