To control access to directory data, Active Directory Lightweight Directory Services (AD LDS) relies on permissions that are granted to users and groups. AD LDS supports the simultaneous use of both Windows users and AD LDS users as members of AD LDS groups. AD LDS provides four default role-based groups. You can create additional AD LDS groups as necessary. To create AD LDS users, you must first import the user object class definitions that are provided with AD LDS, or you can supply your own user object definitions.

Task Reference

Read about AD LDS users and groups.

Understanding AD LDS Users and Groups

Extend the schema of an instance to include user classes.

Import the User Classes That Are Supplied with AD LDS

Add users to the directory.

Add an AD LDS User to the Directory

Add members to AD LDS groups.

Add or Remove Members to or from an AD LDS Group


Table Of Contents