AD LDS installation steps (nodes 1 and 2) - SSO

Owned by ubisebastian
2022-01-16
3 min read

Windows Server 2016/2019

AD LDS Installation (node 1 and node 2)

Install AD LDS in Windows Server on both nodes:

  1. Start Server Manager
  2. Start Add Roles and Features Wizard by clicking Add roles and features and proceed as follows:
    1. (Pass the Before you begin step → Next)
    2. Select Role-based or feature-based installationNext
    3. Select the server you are configuring from the server pool → Next
    4. Select Active Directory Lightweight Directory Services→ Add features that are required for Active Directory Lightweight Directory Services? → Add Features → Next
    5. Keep the .NET Framework <n.n> Features selection → Next → Next Next Install

Figure 1. AD LDS installation successfully completed.

Create Service Account (node 1 and node 2)

Create ubilogindirectory user account on both nodes. Use the same password on both nodes. After you have created the user change its account type to Administrator or add it as a member of Administrators group with Windows in-built tools.

Use e.g. the following procedure in Windows Server 2019:

  1. Open Windows Settings → Click Accounts → Click Other users on the left pane → Click Add someone else to this PC → Local Users and Groups  (lusrmgr) is opened

  2. With lusrmgr select Users on the left pane → Click More Actions → Select New User... 

    Figure 2. Start creating a new user.
  3. Enter user information:
    1.  User name: ubilogindirectory
    2. Description: Ubilogin Directory Service Account
    3. Password/Confirm password: <password>
    4. Deselect User must change password at next logon
    5. Select User cannot change password and Password never expires

    6. Click Create

      Figure 3. Enter user information.

Windows Server 2008 R2

AD LDS Installation (node 1 and node 2)

Install AD LDS in Windows Server 2008 R2 on both nodes using the Server Manager as instructed for a newer Windows Server version above.

Create Service Account (node 1 and node 2)

Create ubilogindirectory user account on both nodes. Use the same password on both nodes. After you have created the user change its account type to Administrator or add it as a member of Administrators group with Windows in-built tools.

Do the following:

  1. Start Computer Management and select System Tools →  Local Users and Groups → Users
  2. Select from menu Action a New User…
  3. Create a service account with the user name ubilogindirectory as instructed for a newer Windows Server version above and click Create.

Figure 4. Enter user information with an older Windows version.



Ubisecure Privacy Policy & Cookie Statement