Appendix B: Upgrading from ADAM to AD LDS

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

By upgrading to the Windows Server 2008 Active Directory Lightweight Directory Services (AD LDS) server role, formerly known as Active Directory Application Mode (ADAM), you can take advantage of several additional features that were not available in the previous versions of ADAM, including the following:

  • AD LDS auditing

  • The Data Mining Tool

  • Support for the Active Directory Sites and Services snap-in

  • A dynamic list of LDAP Data Interchange Format (LDIF) files that are available during setup of your AD LDS instance

  • Recursive, linked-attribute queries

For more information about AD LDS features, see Active Directory Lightweight Directory Services Overview (

To start the process of upgrading from Windows Server 2003 ADAM to Windows Server 2008 AD LDS, insert the Windows Server 2008 operating system DVD into the Windows Server 2003–based computer that is running ADAM. Or, if the Windows Server 2008 media are shared over the network, run the Setup.exe command-line tool on the Windows Server 2003–based computer that is running ADAM.


For more information, see Upgrading Active Directory Domains to Windows Server 2008 AD DS Domains (

When the upgrade is complete, the Windows Server 2003 ADAM server role will be automatically converted into the Windows Server 2008 AD LDS server role, and all preexisting unique or replica ADAM instances (which, after the upgrade, become AD LDS instances) will remain intact. Replication between Windows Server 2003 ADAM (with Service Pack 1 (SP1) or Service Pack 2 (SP2)), Windows Server 2003 R2 ADAM instances, and Windows Server 2008 AD LDS instances is fully supported.


If no instances (unique instances or replica instances) are created on your Windows Server 2003–based computer that is running ADAM, the upgrade process will not automatically convert the Windows Server 2003 ADAM server role into the Windows Server 2008 AD LDS server role. In other words, if the ADAM server role is installed on your Windows Server 2003–based computer but no ADAM instances are created, the AD LDS server role will not be installed after the upgrade to the Windows Server 2008 operating system on this computer is complete. If you intend to deploy AD LDS on this upgraded computer, add the AD LDS server role after the upgrade is complete. For more information about how to add the AD LDS server role, see Step 1: Install the AD LDS Server Role.

Extend the preexisting ADAM configuration directory partition

Extend your preexisting ADAM configuration directory partition to match the default configuration directory partition of the newly created AD LDS instance by importing the new ms-ADAM-Upgrade-1.ldf file into the unique and replica Windows Server 2003 ADAM instances after they have been successfully upgraded to Windows Server 2008 AD LDS. The new ms-ADAM-Upgrade-1.ldf file contains two additional access control rights: Unexpire-Password and Reload-SSL-Certificate.


You are not required to import ms-ADAM-Upgrade-1.ldf into more than one replica instance from a preexisting ADAM configuration set that is being upgraded to AD LDS.

You can import the MS-ADAM-Upgrade-1.LDF file by using the Ldifde.exe command-line tool.

Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

To import ms-ADAM-Upgrade-1.ldf by using the Ldifde.exe command-line tool

  1. Open a command prompt, and then change the directory to %windir%\ADAM.

  2. At the command prompt, type the following command, and then press ENTER:

    ldifde –i –f ms-ADAM-Upgrade-1.ldf –s server:portnumber –b username domain password –k –j . –c “CN=Configuration,DC=X” #configurationNamingContext
Parameter Description


Performs an import.


Specifies the file to import.


The name of the file to import.

-s server:portnumber

Specifies the host name and port of the AD LDS instance.

-b username domain password

Specifies the user name, the domain name, and the password of the account to be used to bind to the AD LDS instance.


Specifies that the import will go on ignoring "Constraint Violation" and "Object Already Exists" errors.


Specifies the log file location.

-c “CN=Configuration,DC=X” #configurationNamingContext

Specifies that the file is being imported into the AD LDS configuration directory partition.