Administering directory partitions

There are three types of directory partitions in Active Directory Lightweight Directory Services (AD LDS): configuration, schema, and application. Configuration and schema directory partitions are created automatically during installation. Application directory partitions can be created either during or after installation. Every AD LDS directory partition has a unique distinguished name. Distinguished names for directory partitions in AD LDS support both Domain Name System (DNS)-style and X.500-style naming. An AD LDS instance does not specify a naming context by default, but it can be configured to provide a default naming context to clients. You can view and manage AD LDS configuration and schema directory partitions using AD LDS administration tools, which are installed during AD LDS setup. Application directory partitions are typically managed through directory-enabled applications.

Creating directory partitions

The schema and configuration directory partitions are created automatically during installation of an AD LDS instance. (In fact, the schema and configuration directory partitions can be created only during AD LDS installation.) If you choose to join the AD LDS instance being installed to an existing configuration set, the schema and configuration directory partitions from an AD LDS instance in the configuration set are replicated to the new instance. If you install a new AD LDS instance, the installation process creates default versions of the schema and configuration directory partitions for you. If you install an AD LDS instance from media, the schema and configuration directory partitions for the new AD LDS instance are replicas of the directory partitions from the media.

When you install a new AD LDS instance, you can also choose to replicate one or more application directory partitions from an existing AD LDS instance. Or, you can choose to create a new application partition. When you create a new application directory partition during installation, you must specify a unique distinguished name for the partition. The new application directory partition consists only of a partition container object with the distinguished name that you specify.

Naming directory partitions

Each AD LDS directory partition has its own, unique distinguished name. AD LDS supports both DNS-style and X.500-style names for top-level directory partitions, including the distinguished name attributes that are listed in the following table.

Distinguished name attribute    Meaning
C=                              Country/region
CN=                             Common name
DC=                             Domain component
L=                              Location
O=                              Organization
OU=                             Organizational unit

Specifying a default naming context

By default, an AD LDS instance does not provide a default naming context. You can, however, configure AD LDS to provide a default naming context by specifying a value for the msDS-defaultNamingContext attribute on the NTDSA object.

By default, the msDS-defaultNamingContext attribute contains no value. If a value is set in the attribute, that value is returned to a client through the defaultNamingContext attribute of the rootDSE object when the rootDSE object is read.

When a bind is requested on the rootDSE object, AD LDS returns the value of defaultNamingContext if the msDS-defaultNamingContext attribute on the NTDSA object is set to the distinguished name of a top-level container of an instantiated naming context. Otherwise, no value is returned.
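
The following PowerShell sketch is an added example, not part of the original documentation. It checks that a partition is instantiated on the instance, sets msDS-defaultNamingContext on the NTDSA object, and re-reads rootDSE to confirm what clients will now see. The host and port, the partition distinguished name, and the helper name Get-RootDse are assumptions, and the account running it needs write access to the configuration partition.

```powershell
# Added example. Assumed values (not from the page): host/port and partition DN.
$Server      = 'localhost:389'
$PartitionDN = 'CN=App1,DC=example,DC=com'

function Get-RootDse {
    param([string]$Server)
    # Build a new DirectoryEntry on every call so a later read is not
    # answered from the property cache of an earlier object.
    New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/RootDSE")
}

$rootDse  = Get-RootDse -Server $Server
$contexts = $rootDse.Properties['namingContexts'] | ForEach-Object { [string]$_ }
$before   = [string]$rootDse.Properties['defaultNamingContext'].Value
Write-Host "defaultNamingContext before: '$before'"

# Rule from the text above: the value must be the distinguished name of the
# top-level container of an instantiated naming context, otherwise rootDSE
# returns no value. Refuse to write anything else.
if ($contexts -notcontains $PartitionDN) {
    throw "'$PartitionDN' is not hosted by this instance. Hosted: $($contexts -join '; ')"
}

# dsServiceName on rootDSE holds the DN of this instance's NTDSA object.
$ntdsaDn = [string]$rootDse.Properties['dsServiceName'].Value
$ntdsa   = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$ntdsaDn")
$ntdsa.Properties['msDS-defaultNamingContext'].Value = $PartitionDN
$ntdsa.CommitChanges()

# Verify from the client's point of view by reading rootDSE again.
$after = [string](Get-RootDse -Server $Server).Properties['defaultNamingContext'].Value
if ($after -ne $PartitionDN) {
    throw "rootDSE returned '$after' instead of '$PartitionDN'"
}
Write-Host "defaultNamingContext now: '$after'"
```

Because every client that reads rootDSE receives this value, record the change alongside the instance's other configuration so that an unexpected defaultNamingContext can be spotted in later reviews.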

Importing and exporting directory objects

You can use a number of methods to import and export directory objects, both to and from the schema directory partition as well as to and from application directory partitions. You can use the ldifde command-line tool to import and export .ldf files. You can use the csvde command-line tool to import and export .csv (comma-delimited) files.

Administering application directory partitions

You can create an application directory partition during setup. You can also create application directory partitions anytime after installation, either through AD LDS administration tools or through your directory-enabled application. In production environments, you typically manage your application directory partitions and the data that they contain through your directory-enabled applications.

For information about creating application directory partitions, see Create an Application Directory Partition.
