AD LDS is a Lightweight Directory Access Protocol (LDAP) directory service designed for use with directory-enabled applications. A directory-enabled application is one that uses a directory, as opposed to a database or flat file, for its data store.
AD LDS serves as an identity provider in scenarios that call for an extranet directory, for example one that stores customer user accounts, where those accounts must be kept separate from the enterprise Active Directory Domain Services (AD DS) account store so that a compromised extranet account does not become a foothold in the internal forest.
AD LDS is one of two identity providers supported by Active Directory Federation Services (AD FS) for authenticating users and supplying claims to federation-aware Web applications, the other being AD DS. AD LDS is also a supported store for authorization policy in Windows Authorization Manager (AzMan). Where AD DS is present, AD LDS can delegate authentication of Windows security principals to AD DS; accounts defined in AD LDS itself authenticate directly to the instance with an LDAP simple bind, which sends the password in the clear unless the session is protected by TLS (LDAPS), so simple binds should only be accepted over LDAPS.
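The two authentication paths described above, as an added example that is not code from the original page or from Microsoft: a Windows principal binds to an AD LDS instance over LDAPS with Negotiate (authentication delegated to AD DS), the script reads the instance-wide behaviour flags from the msDS-Other-Settings attribute of the Directory Service object in the configuration partition, switches RequireSecureSimpleBind on if it is still at its default of 0, and finally shows an AD LDS-defined user doing a TLS-protected simple bind. The host name, port, application partition and user DN are placeholders (assumptions); msDS-Other-Settings, RequireSecureSimpleBind and RequireSecureProxyBind are AD LDS configuration settings, but confirm their defaults against your own instance.

```powershell
# Added example (not from the original page): inspect an AD LDS instance over LDAPS
# and require TLS for simple binds. Host, port, partition and user DN are assumptions.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server = 'adlds01.example.com'   # assumption: AD LDS host
$port   = 636                     # assumption: LDAPS port chosen when the instance was created
$scope  = [System.DirectoryServices.Protocols.SearchScope]::Base

# 1. Bind as a Windows (AD DS) principal. AD LDS passes this authentication to AD DS.
#    Server certificate validation is left at its default (enabled); the LDAPS
#    certificate must chain to a CA the client trusts.
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($server, $port)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.Bind()   # caller's Windows credentials

# 2. Find the configuration naming context via RootDSE instead of hard-coding the
#    instance GUID that AD LDS puts in the configuration partition name.
$rootReq  = New-Object System.DirectoryServices.Protocols.SearchRequest(
    $null, '(objectClass=*)', $scope, [string[]]@('configurationNamingContext'))
$configNC = $conn.SendRequest($rootReq).Entries[0].Attributes['configurationNamingContext'].GetValues([string])[0]

# 3. Read the instance behaviour flags. msDS-Other-Settings is multi-valued, one
#    "Name=Value" string per setting.
$dsDn     = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$req      = New-Object System.DirectoryServices.Protocols.SearchRequest(
    $dsDn, '(objectClass=*)', $scope, [string[]]@('msDS-Other-Settings'))
$settings = @($conn.SendRequest($req).Entries[0].Attributes['msDS-Other-Settings'].GetValues([string]))
$settings | Where-Object { $_ -like 'RequireSecure*' }   # expect RequireSecureProxyBind and RequireSecureSimpleBind

# 4. RequireSecureSimpleBind defaults to 0, which lets clients send an AD LDS user's
#    password in the clear on the plaintext LDAP port. Replace the value with 1 so the
#    instance rejects simple binds that are not TLS-protected.
if ($settings -contains 'RequireSecureSimpleBind=0') {
    $mod = New-Object System.DirectoryServices.Protocols.ModifyRequest
    $mod.DistinguishedName = $dsDn

    $del = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $del.Name      = 'msDS-Other-Settings'
    $del.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Delete
    [void]$del.Add('RequireSecureSimpleBind=0')

    $add = New-Object System.DirectoryServices.Protocols.DirectoryAttributeModification
    $add.Name      = 'msDS-Other-Settings'
    $add.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Add
    [void]$add.Add('RequireSecureSimpleBind=1')

    [void]$mod.Modifications.Add($del)
    [void]$mod.Modifications.Add($add)
    [void]$conn.SendRequest($mod)
    Write-Host 'RequireSecureSimpleBind changed from 0 to 1'
}

# 5. An account that lives in AD LDS (not in AD DS) authenticates with a simple bind
#    using its DN. With the setting above, this succeeds only over LDAPS.
$userDn   = 'CN=alice,OU=Customers,DC=app,DC=example,DC=com'   # assumption: user in an application partition
$password = Read-Host -AsSecureString "Password for $userDn"
$cred     = New-Object System.Net.NetworkCredential($userDn, $password)

$userConn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$userConn.SessionOptions.SecureSocketLayer = $true
$userConn.SessionOptions.ProtocolVersion   = 3
$userConn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic   # LDAP simple bind
$userConn.Bind($cred)
Write-Host "Simple bind for $userDn succeeded over LDAPS"
```

Run step 4 once per instance with an account that holds the Administrators role for that instance; the change takes effect without restarting the AD LDS service. Applications that still bind to the plaintext port with Basic authentication will start failing, which is the point: fix them to use LDAPS (or Negotiate for Windows principals) rather than turning the setting back off.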
Key characteristics of AD LDS:
- Easy to deploy; installation and setup are simple
- Can be installed without affecting AD DS
- Can be reinstalled, stopped or restarted without rebooting the computer
- Uses the same administrative model as AD DS
- Increases reliability by separating application directory services from network operating system (NOS) directory services
Benefits over using AD DS:
- Does not incur the overhead of domains
- Does not require the deployment of domains or domain controllers
- Multiple instances, each tailored to a specific application and listening on its own ports, can run concurrently on a single computer
- Each AD LDS configuration set has its own schema, independent of the AD DS schema, so application schema extensions never touch the forest schema
- Runs on Windows XP Professional as well as Windows Server 2003 (where it was shipped as Active Directory Application Mode, ADAM) and Windows Server 2008