Does MS LDS (LDAP) have the same 5 FSMO roles that AD does? When I check in dsmgmt I'm only seeing that 2 roles are known by my LDS servers (Schema and Naming Master). Just curious if I should be seeing the other 3 roles. By the way, this is for 2016 and 2022 versions of LDS.
I am trying to replicate an AD domain to a server hosting AD Lightweight Directory Services (AD LDS).
In the instance setup wizard, I am choosing "A replica of an existing instance". After I enter the FQDN of any domain controller & port 389, it fails immediately with:
AD LDS cannot connect to port 389 on server.FQDN. Verify that the server name and port are correct, and try again.
I can successfully telnet to any domain controller on port 389. I have tried a win2k8r2 server in the domain and a win2012r2 server outside the domain on the same subnet (I added the FQDNs of the DCs to the hosts file). Both exhibit the same error.
We are currently using CAS for multiple directory authentication: AD for internal users, AD LDS for external users. I've read that NLB is a possible solution, but I'm wondering if this is possible with SRV records, and how you would correctly configure that. With our AD directory, I can bind with olddomain.local and hit any of the DCs in the domain. We don't want to hardcode server names into CAS, so the end goal is to bind with LDSdomain.gov.
nslookup -type=srv _ldap._tcp.LDSdomain.gov
returns
_ldap._tcp.LDSdomain.gov SRV service location:
priority = 0
weight = 100
port = 1025
svr hostname = server01
_ldap._tcp.LDSdomain.gov SRV service location:
priority = 0
weight = 200
port = 1025
svr hostname = server02
I need a suggestion about having AD DS or AD LDS for my infrastructure.
I have a website which as of now does not have any login facility for visitors. We are now developing a new application so that visitors can create an account on the website. The best example you can think of is any telecom service provider: they have their website and are now creating a login facility for their customers, so that users can create an account and subscribe to ebill sort of facilities.
Hope the situation is clear now. For this particular application, I intend to have a web server, an application server, a DB server, one SMTP server and one AD server (for authentication of users and also for saving the profiles).
My question here starts on the AD front: do I need AD DS or AD LDS here? What I need from AD is:
- provide user authentication
- provide role based access.
This is my query.
I'm very new to AD LDS and experienced but not qualified with SSAS, so my apologies for my ignorance of these.
We have a couple of implementations where we expose SSAS via an HTTPS proxy (msmdpump.dll), and currently we have a temporary domain setup handling this (where our end-users have a second account+creds to manage because of this = non-ideal). I want to move us towards a more permanent solution, for which I'm thinking of moving all authentication to AD LDS for our web apps, SSAS, and others. However, SSAS is where I'm concerned about this.
I know SSAS requires Windows Authentication and to play nicely, and that this ultimately means Active Directory will be involved.
Is there a way to get this done with AD LDS instead of having to use a full AD DS implementation? If so, how?
(Note: My question over at StackOverflow had a suggestion that I post this question here on ServerFault instead. My apologies if I'm not asking in the right forum.)