I'm setting up an authentication system for IIS and considering using Active Directory Lightweight Directory Services (AD LDS) to create user accounts and passwords on the same server where IIS is running. I'm curious if there's a straightforward way to integrate AD LDS with IIS for authentication, similar to how Windows Authentication works. I understand that Active Directory Domain Services (AD DS) can handle this, but can AD LDS work instead of AD DS to keep things light on the server? If so, how can I achieve that?
2 Answers
Unfortunately, using AD LDS in this scenario isn't feasible. Windows Authentication requires a full Domain Controller, and AD LDS just isn't built for that purpose.
AD LDS is simply Microsoft’s take on LDAP. If you're aiming for something like Integrated Windows Authentication (IWA), then you're looking at needing AD DS. While AD LDS can work for authenticating external users, it's not ideal. For a smooth SSO experience, especially if you’re looking to authenticate internal workforce users, you’ll want to set up AD DS with IWA enabled, usually along with ADFS and IIS.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures