You can administer users and groups in Active Directory Lightweight Directory Services (AD LDS) through the ADSI Edit snap-in or through your directory-enabled applications. For information about users and groups in AD LDS, see Understanding AD LDS Users and Groups.
To create users in AD LDS, you must first import the optional user classes that are provided with AD LDS into the AD LDS schema. These user classes are provided in importable .ldf files, which you can find in the directory %windir%\adam on the computer where AD LDS is installed.
Membership in the Administrators group of the AD LDS instance is the minimum required to complete this procedure. By default, the security principal that you specify as the AD LDS administrator during AD LDS setup becomes a member of the Administrators group in the configuration partition. For more information about AD LDS groups, see Understanding AD LDS Users and Groups.
To add an AD LDS user to the directory
1. Open ADSI Edit.
2. Connect and bind to the AD LDS instance and directory partition to which you want to add a user. For more information, see Use ADSI Edit to Manage an AD LDS Instance.
3. In the console tree, double-click the directory partition to which you want to add the user.
4. In the console tree, right-click the container to which you want to add the user, point to New, and then click Object.
5. In Select a class, click the class that you want to use (user, inetOrgPerson, person, or OrganizationalPerson), and then click Next.
6. In Value, type a value for the common name (CN) attribute of the new user, and then click Next.
7. If you want to set values for additional attributes, click More attributes.
8. After setting any additional attributes for the new user, click Finish.
Additional considerations
- To open ADSI Edit, on a computer with the AD LDS server role installed, click Start, click Administrative Tools, and then click ADSI Edit.
- By default, an AD LDS user account is enabled when the user account is created. However, no initial password is set on an AD LDS user account that is created with ADSI Edit. On AD LDS instances running on Windows Server 2008 R2, where local or domain password policy restrictions are in effect, the AD LDS user account is disabled by default. Before you can enable the user account, you must set a password for it that meets the password policy restrictions that are in effect.
- Any object class can be used as a security principal in AD LDS, if the object class definition contains the SecurityPrincipal static auxiliary class and the unicodePwd attribute.
- The user, inetOrgPerson, and OrganizationalPerson object classes are not available until you import the AD LDS user class definitions into the schema.
- You can also perform the task in this procedure by using the Active Directory module for Windows PowerShell. To open the Active Directory module, click Start, click Administrative Tools, and then click Active Directory Module for Windows PowerShell. For more information, see Add an AD LDS User to the Directory (http://go.microsoft.com/fwlink/?LinkId=137802). For more information about Windows PowerShell, see Windows PowerShell (http://go.microsoft.com/fwlink/?LinkID=102372).
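The following is an added example, not code from the original page or from Microsoft's documentation. It uses the Active Directory module to create the user, set a password, and only then enable the account, so the account is never left enabled without a password. The function name, the server address, the container DN, and the user name are assumptions chosen for illustration.

```powershell
# Added example, not from the original page. The server address, container DN
# and user name in the usage comment at the end are placeholders.
Import-Module ActiveDirectory

function New-AdLdsUserWithPassword {
    param(
        [Parameter(Mandatory)] [string] $Name,            # value for the CN attribute
        [Parameter(Mandatory)] [string] $Container,       # DN of the target container
        [Parameter(Mandatory)] [string] $Server,          # AD LDS instance as host:port
        [Parameter(Mandatory)] [securestring] $Password,  # never passed as plain text
        [ValidateSet('user', 'inetOrgPerson')] [string] $Class = 'user'
    )

    # Create the object. -PassThru returns it, so the DN is read back from the
    # directory instead of being assembled by string concatenation.
    $user = New-ADUser -Name $Name -Type $Class -Path $Container `
        -Server $Server -PassThru -ErrorAction Stop
    $dn = $user.DistinguishedName

    try {
        # Password first: under a password policy the account cannot be
        # enabled until it has a password that satisfies the policy.
        Set-ADAccountPassword -Identity $dn -NewPassword $Password -Reset `
            -Server $Server -ErrorAction Stop
        Enable-ADAccount -Identity $dn -Server $Server -ErrorAction Stop
    }
    catch {
        # For example, the password was rejected by policy. Make sure the
        # account does not stay enabled with no password set.
        Disable-ADAccount -Identity $dn -Server $Server
        throw "Password not set for $dn; account left disabled. $($_.Exception.Message)"
    }

    # Return the resulting state; msDS-UserAccountDisabled should be False.
    Get-ADObject -Identity $dn -Server $Server -Properties 'msDS-UserAccountDisabled' |
        Select-Object DistinguishedName, 'msDS-UserAccountDisabled'
}

# Usage (placeholder values):
#   $pw = Read-Host -AsSecureString -Prompt 'Initial password'
#   New-AdLdsUserWithPassword -Name 'app-svc01' -Container 'CN=Users,DC=example,DC=local' `
#       -Server 'localhost:50000' -Password $pw
```

The user class definitions must already be imported into the AD LDS schema, and the caller must be a member of the instance's Administrators group, as described above.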