Allow AD LDS Users to be Created in the Configuration Partition

Applies To: Windows Server 2008

You can use this procedure to allow users to be created in the configuration partition so that Active Directory Lightweight Directory Services (AD LDS) users can be AD LDS administrators.

To allow AD LDS users to be created in the configuration partition

  1. To open Active Directory Service Interfaces (ADSI) Edit, click Start, point to Administrative Tools, and then click ADSI Edit. For more information, see Manage an AD LDS Instance Using ADSI Edit.

  2. Double-click the CN=Configuration,CN=Guid container.

  3. Double-click the CN=Services object, and then double-click the CN=Windows NT object.

  4. Right-click CN=Directory Service, and then click Properties.

  5. In the Attributes list, click msDS-Other-Settings, and then click Edit.

  6. In the Values list, click each value that contains the text ADAMAllowAD AMSecurityPrincipalsInConfigPartition=0, and then click Remove.

  7. In the Value to add box, type the following:

    ADAMAllowADAMSSecurityPrincipalsInConfigPartition=1, and then click Add.

  8. Click OK two times, and then close ADSI Edit.