Create a New AD LDS Instance
Applies To: Windows Server 2008
In Active Directory Lightweight Directory Services (AD LDS), a "service instance" (or, simply, "instance") refers to a single running copy of the AD LDS directory service. Multiple instances of AD LDS can run simultaneously on the same computer. Each instance of the AD LDS directory service has a separate directory data store, a unique service name, and a unique service description that is assigned during installation. During AD LDS installation, you have the option of creating an application directory partition if your Lightweight Directory Access Protocol (LDAP) application does not create one for you. You can use this procedure and the Active Directory Lightweight Directory Services Setup Wizard to create AD LDS service instances.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477). By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition.
To create a new AD LDS instance by using the Active Directory Lightweight Directory Services Setup Wizard
Click Start, point to Administrative Tools, and then click Active Directory Lightweight Directory Services Setup Wizard.
On the Welcome to the Active Directory Lightweight Directory Services Setup Wizard page, click Next.
On the Setup Options page, click A unique instance, and then click Next.
On the Instance Name page, provide a name for the AD LDS instance that you are installing. This name is used on the local computer to uniquely identify the AD LDS instance.
On the Ports page, specify the communications ports that the AD LDS instance uses to communicate. AD LDS can communicate by using both LDAP and Secure Sockets Layer (SSL). Therefore, you must provide a value for each port.
The default value for the LDAP port is 389 and the default value for the SSL port is 636. If you install AD LDS on a computer where either of the default ports is in use, the Active Directory Lightweight Directory Services Setup Wizard automatically locates the first available port, starting at 50000. For example, Active Directory Domain Services (AD DS) uses ports 389 and 636, as well as ports 3268 and 3269 on global catalog servers. Therefore, if you install AD LDS on a domain controller, the Active Directory Lightweight Directory Services Setup Wizard provides a default value of 50000 for the LDAP port and 50001 for the SSL port.
- On the Application Directory Partition page, you can create an application directory partition (or naming context) by clicking Yes, create an application directory partition. Or, you can click No, do not create an application directory partition, in which case you must create an application directory partition manually after installation. For more information, see Create an Application Directory Partition.
AD LDS supports both X.500-style and Domain Name System (DNS)–style distinguished names for top-level directory partitions.
If you type an application directory partition name that does not meet the established DNS name conventions or the current schema's rangeUpper constraints, you can proceed to the rest of the steps in the wizard. However, when you attempt to create an AD LDS instance, the wizard displays the following error message:
“Active Directory Lightweight Directory Services could not create the directory partition <name> on the local Active Directory Lightweight Directory Services instance. Ensure that this name is unique.”
where <name> is the application directory partition name that you typed.
Ensure that you type a valid application directory partition name. For more information, see article 909264 (http://go.microsoft.com/fwlink/?LinkID=106629) and article 556086 (http://go.microsoft.com/fwlink/?LinkId=155079) in the Microsoft Knowledge Base.
On the File Locations page, you can view and change the installation directories for AD LDS data and recovery (log) files. By default, AD LDS data and recovery files are installed in %ProgramFiles%\Microsoft ADAM\instancename\data, where instancename represents the AD LDS instance name that you specified on the Instance Name page.
On the Service Account Selection page, select an account to be used as the service account for AD LDS. The account that you select determines the security context in which the AD LDS instance runs. The Active Directory Lightweight Directory Services Setup Wizard defaults to the Network Service account.
On the AD LDS Administrators page, select a user or group to become the default administrator for the AD LDS instance. The user or group that you select will have full administrative control of the AD LDS instance. By default, the Active Directory Lightweight Directory Services Setup Wizard specifies the currently logged on user. You can change this selection to any local or domain account or group on your network.
On the Importing LDIF Files page, you can import schema LDAP Data Interchange Format (LDIF) files into the AD LDS instance.
It is recommended that you import the following LDIF files when you create a new AD LDS instance by using the Active Directory Lightweight Directory Services Setup Wizard:
LDIF file name Description
Contains the definition of the inetOrgPerson LDAP object class.
Contains user and related classes object definitions.
Contains the simple userProxy class object definition.
Contains the full userProxy class object definition.
Contains display specifiers. This .ldf file is required for snap-in operations. If you are planning to connect to your AD LDS instance and then manage it through the Active Directory Sites and Services snap-in, import this file now with the Active Directory Lightweight Directory Services Setup Wizard.
You can also import various LDIF files after an AD LDS instance is created. For more information, see Import or Export Directory Objects Using Ldifde.
AD LDS also allows you to make custom LDIF files (in addition to the default LDIF files that are provided with AD LDS) that are available during the AD LDS setup by adding them to the %systemroot%\ADAM directory. You can create custom LDIF files by using ADSchema Analyzer. For more information, see the procedure "To create an LDIF file with ADSchemaAnalyzer" in Step 3: Practice Using AD LDS Administration Tools. Store the custom LDIF file in the %systemroot%\ADAM directory and then run the Active Directory Lightweight Directory Services Setup Wizard to create a new AD LDS instance. Your custom LDIF file will be available in the list of LDIF file names on the Importing LDIF Files page.
The Ready to Install page gives you an opportunity to review your installation selections. After you click Next, the Active Directory Lightweight Directory Services Setup Wizard copies files and sets up AD LDS on your computer.
When the Active Directory Lightweight Directory Services Setup Wizard finishes installing AD LDS, it displays this message: “You have successfully completed the Active Directory Lightweight Directory Services Setup Wizard.” When the Completing the Active Directory Lightweight Directory Services Setup Wizard page appears, click Finish to close the wizard.
If the Active Directory Lightweight Directory Services Setup Wizard does not complete successfully, an error message that describes the reason for the failure appears on the Summary page.
If an error occurs in the Active Directory Lightweight Directory Services Setup Wizard before the Summary page, you can review the error message. In addition, you can click Start, click Run, and then type either of the following:
The ADAMsetup.log and ADAMsetup_loader.log files contain information that can help you troubleshoot the cause of an AD LDS setup failure.