Active Directory Lightweight Directory Services

Active Directory Lightweight Directory Services (AD LDS) is a Lightweight Directory Access Protocol (LDAP) directory service that provides flexible support for directory-enabled applications, without the dependencies and domain-related restrictions of Active Directory Domain Services (AD DS). You can run AD LDS on member servers or stand-alone servers. You can also run multiple instances of AD LDS—each with its own independently managed schema—on one server.

AD LDS provides data storage and retrieval for directory-enabled applications, without the dependencies that are required for Active Directory Domain Services (AD DS). AD LDS provides much of the same functionality as AD DS, but it does not require the deployment of domains or domain controllers.

Both AD LDS and AD DS build on the same core Microsoft directory service technologies, but they address different needs in an organization.

AD DS provides directory services for both the Windows server operating system and for directory-enabled applications. For the server operating system, AD DS stores critical information about the network infrastructure, users and groups, network services, and so on. In this role, AD DS must adhere to a single schema throughout an entire forest.

AD LDS provides directory services specifically for directory-enabled applications. AD LDS does not require or rely on AD DS domains or forests. However, in environments where AD DS exists, AD LDS can use AD DS for the authentication of Windows security principals.

AD LDS and AD DS can run concurrently in the same network. In addition, AD LDS can support both domain users and workgroup users simultaneously, as shown in the following illustration.

Install AD LDS in Wndows Server 2012