AD LDS Replication Step-by-Step Guide
Applies To: Windows Server 2008
Active Directory® Lightweight Directory Services (AD LDS), formerly known as Active Directory Application Mode (ADAM), is a Lightweight Directory Access Protocol (LDAP) directory service that provides data storage and retrieval support for directory-enabled applications, without the dependencies that are required for Active Directory Domain Services (AD DS). You can run multiple instances of AD LDS concurrently on a single computer, with an independently managed schema for each AD LDS instance.
For additional information about AD LDS, see Active Directory Lightweight Directory Services Overview (http://go.microsoft.com/fwlink/?LinkId=96084).
About this guide
This guide describes the processes for configuring data replication among AD LDS instances based on their participation in a configuration set. You can use the procedures in this guide to configure AD LDS replication on servers running the Windows Server® 2008 operating system in a small test lab environment.
As you complete the steps in this guide, you will be able to:
Create AD LDS replica instances
Manage site objects
Manage site link objects
To maximize your chances of completing the objectives of this guide successfully, it is important that you follow the steps in this guide in the order in which they are presented.
What this guide does not provide
This guide does not provide replication security information:
For general information about ensuring ADAM or AD LDS replication security, see the "Ensuring replication security" section in Understanding ADAM replication and configuration sets (http://go.microsoft.com/fwlink/?LinkId=98673).
For more information about ADAM or AD LDS replication requirements for service accounts, see Selecting an ADAM service account (http://go.microsoft.com/fwlink/?LinkId=98674).
For more information about ADAM or AD LDS service principal names (SPNs) and replication security, see Administering ADAM service principal names (http://go.microsoft.com/fwlink/?LinkId=98675).
For instructions for configuring the replication security level, see Modify the replication security level of a configuration set (http://go.microsoft.com/fwlink/?LinkId=98676).
This guide does not provide information about the Repadmin command-line tool. For Repadmin instructions and information, see Repadmin (http://go.microsoft.com/fwlink/?LinkId=98687).
Replication and configuration sets overview
AD LDS uses replication to provide fault tolerance and load balancing for directory services. Through replication, AD LDS copies directory data updates that are made to a directory partition on one AD LDS instance to other AD LDS instances that hold copies of the same directory partition. AD LDS instances that hold copies of the same directory partition or partitions form a logical grouping called a configuration set.
AD LDS uses a type of replication called multimaster replication, which simply means that you can make changes to directory data on any AD LDS instance. AD LDS replicates these changes to other members of the configuration set automatically.
AD LDS instances replicate data based on participation in a configuration set. All AD LDS instances that are joined to the same configuration set must replicate a common configuration directory partition and a common schema directory partition. AD LDS instances in a configuration set can also replicate any number of application directory partitions. AD LDS instances in a configuration set are not required to replicate all application directory partitions in the configuration set. A single AD LDS instance can replicate all—or any subset of—the application directory partitions in its configuration set. An AD LDS instance cannot, however, replicate an application directory partition from a different configuration set.
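The following PowerShell sketch is an added example, not part of the original guide. It reads the naming contexts that each instance advertises in RootDSE and checks the rule above: members of one configuration set share the same configuration and schema partitions and may each hold a different subset of application partitions. The function names, host names, ports and sample distinguished names are assumptions constructed for illustration.

```powershell
# Added example. Get-LdsContexts queries a live instance; the sample data
# further down is constructed so the comparison logic can be run offline.
function Get-LdsContexts {
    param([string]$Server, [int]$Port)
    # RootDSE lists every directory partition that the instance holds.
    $root  = [ADSI]"LDAP://${Server}:${Port}/RootDSE"
    $props = $root.psbase.Properties
    [pscustomobject]@{
        Instance = "${Server}:${Port}"
        Config   = [string]$props['configurationNamingContext'].Value
        Schema   = [string]$props['schemaNamingContext'].Value
        All      = @($props['namingContexts'] | ForEach-Object { [string]$_ })
    }
}

function Test-LdsConfigurationSet {
    param([object[]]$Instances)
    $ref = $Instances[0]   # the first instance is the reference member
    foreach ($i in $Instances) {
        # Everything that is not the configuration or schema partition
        # is an application directory partition.
        $apps = @($i.All | Where-Object { $_ -ne $i.Config -and $_ -ne $i.Schema })
        [pscustomobject]@{
            Instance              = $i.Instance
            SameConfigurationSet  = ($i.Config -eq $ref.Config) -and ($i.Schema -eq $ref.Schema)
            ApplicationPartitions = $apps -join '; '
        }
    }
}

# Constructed sample: lds1 and lds2 share a configuration set, and lds2 holds
# only a subset of the application partitions. lds3 belongs to another set.
$cfgA = 'CN=Configuration,CN={11111111-1111-1111-1111-111111111111}'
$cfgB = 'CN=Configuration,CN={22222222-2222-2222-2222-222222222222}'
$sample = @(
    [pscustomobject]@{ Instance = 'lds1:389';   Config = $cfgA; Schema = "CN=Schema,$cfgA"
                       All = @($cfgA, "CN=Schema,$cfgA", 'O=App1,C=US', 'O=App2,C=US') },
    [pscustomobject]@{ Instance = 'lds2:50000'; Config = $cfgA; Schema = "CN=Schema,$cfgA"
                       All = @($cfgA, "CN=Schema,$cfgA", 'O=App1,C=US') },
    [pscustomobject]@{ Instance = 'lds3:389';   Config = $cfgB; Schema = "CN=Schema,$cfgB"
                       All = @($cfgB, "CN=Schema,$cfgB", 'O=App1,C=US') }
)
Test-LdsConfigurationSet -Instances $sample | Format-Table -AutoSize

# Against live instances (host names and ports are assumptions):
# Test-LdsConfigurationSet -Instances @(
#     (Get-LdsContexts -Server 'localhost' -Port 389),
#     (Get-LdsContexts -Server 'localhost' -Port 50000))
```

In the sample, lds3 holds a partition with the same distinguished name as one on lds1, but its configuration partition differs, so the two copies are unrelated and do not replicate with each other.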
Replication and sites overview
In AD LDS, the replication topology is the set of physical connections that is used to replicate directory updates among AD LDS instances in a configuration set. You can create site objects and site link objects in the AD LDS configuration directory partition to represent the physical structure of your network. AD LDS then builds the most efficient replication topology for a configuration set based on the site or sites in which members of the configuration set reside.
In AD LDS, replication within a site (intrasite replication) is treated differently than replication between sites (intersite replication). Intrasite replication occurs automatically, and it does not require any configuration beyond the construction of configuration sets. However, you may choose to configure the frequency of intrasite replication. For intersite replication, you must define site link objects, on which you may then choose to configure the replication schedule, frequency, and availability.
Before you start using the procedures in this guide, do the following with regard to system requirements:
Have available at least one test computer on which you can install AD LDS. For the purposes of completing the exercises in this guide, install AD LDS on computers running Windows Server 2008.
To run through the exercises in this guide, you must first install the AD LDS server role on your test computers and create at least one running AD LDS instance. For more information and instructions for installing the AD LDS server role and creating new AD LDS instances, see "Step 1: Installing the AD LDS server role" and "Step 2: Practice working with AD LDS instances" in the Step-by-Step Guide for Getting Started with Active Directory Lightweight Directory Services (http://go.microsoft.com/fwlink/?LinkId=98679).
Log on to Windows Server 2008 with an administrator account.
For the purposes of this guide, you can install replica AD LDS instances on your first test computer or you can install them on a second computer, if you have one available.
Steps for configuring AD LDS replication
The following sections provide step-by-step instructions for configuring data replication among AD LDS instances. These sections provide both graphical user interface (GUI) and command-line methods for backing up and restoring AD LDS, where applicable.