If I want to implement AD LDS for a single application, does it require physical hardware, or can it be installed/enabled on a web server or application server? As the web and app servers are usually placed in the DMZ, if the above option is not feasible, can we put a standalone AD LDS server in the DMZ?

Rajeev
  • A little more to add: Can AD LDS act completely independently of AD to provide user authentication and access control (RBAC-Right based access control)? What are the limitations in functionality when compared with AD? – Rajeev Mar 30 '10 at 04:57

1 Answer

This TechNet article should answer most of your questions: http://technet.microsoft.com/en-us/library/cc755080%28WS.10%29.aspx

LDS is suitable for applications that will benefit from storing data in a directory, but as the article states, it's limited as follows:

AD LDS differs from AD DS primarily in that it does not store Windows security principals. While AD LDS can use Windows security principals (such as domain users) in access control lists (ACLs) that control access to objects in AD LDS, Windows cannot authenticate users stored in AD LDS or use AD LDS users in its ACLs. In addition, AD LDS does not support domains and forests, Group Policy, or global catalogs.

To the original question: Yes, it can be installed on the same server as your application.

Chris Thorpe
  • Hi Chris, many, many thanks for the reply. The authentication stuff I didn't understand completely. What I intend to do with AD LDS is: I will save the external user profiles in AD LDS; can it provide authentication to the users who try to log in, and can it provide role-based access also? – Rajeev Mar 30 '10 at 09:00
  • Yes, possible using LDS and AzMan: http://msdn.microsoft.com/en-us/library/bb897401.aspx – Chris Thorpe Mar 30 '10 at 09:17
  • Many thanks Chris. Just a couple of queries left: 1) Can LDS act independently of AD, i.e. can it provide authentication and role-based access for users without having AD in the picture? – Rajeev Mar 30 '10 at 11:54