Creating an Admin User in AD LDS

  1. Select Server Manager > Roles > Active Directory Lightweight Directory Services.
  2. Select ADSI Edit in the right-side pane, under the Advanced Tools section.
  3. In the ADSI Edit window, open the Action menu and select Connect to…, or right-click ADSI Edit in the left-side pane.

  4. The Connection Settings window appears. Fill in the details below.

  5. Enter a Name to identify this AD LDS instance.
  6. In the Connection Point section, choose "Select or type a Distinguished Name or Naming Context" and enter the partition name of the AD LDS instance.
  7. In the Computer section, choose "Select or type a domain or server: (Server | Domain[:Port])" and enter the server IP and port of the AD LDS instance.
  8. Click OK. The ADSI Edit window appears.

  9. Right-click the partition (distinguished name) and select New > Object.
  10. In the ADSI Edit window, you can expand the right-side pane to check the Name and Distinguished Name.
  11. In the Create Object window, select container from the list of classes.

  12. Click Next. The Create Object window prompts for a value.
  13. Enter the name of the container (for example, ADLDSAdminUsers) in the Value box and click Next.

  14. Click Finish.
  15. Right-click the newly created container, which appears under the partition name, and select New > Object.

  16. In the Create Object window, select user from the list of classes displayed. Click Next.

  17. Enter a username (for example, adldsadmin) in the Value box.

  18. Click Next and click Finish.
  19. Expand the newly created container and right-click the newly created user. A menu with the Reset Password option appears.

  20. Select Reset Password. A window appears for assigning a new password to the user.

  21. Enter the password in the New password and Confirm password fields. Click OK.
  22. Right-click the newly created user and select Properties.

  23. In the properties dialog of the newly created user, select displayName and double-click it. The String Attribute Editor appears.

  24. Enter the same username for which you reset the password.
  25. Select distinguishedName and double-click it to copy the distinguishedName value.
  26. Click OK.

  27. In the same attribute editor, select msDS-UserAccountDisabled and double-click it. The Boolean Attribute Editor window appears.

  28. Select False and click OK.
  29. Click Apply and OK.
  30. Expand the newly created partition name and CN=Roles. Right-click CN=Administrators and select Properties to view the Attribute Editor.

  31. In the Attribute Editor, select member and click Edit.

  32. Click the Add DN button, enter the DN of the user created above (for example, CN=adldsadmin,CN=ADLDSAdminUsers,DC=wbmusersadldsdomain,DC=com), and click OK.

  33. Click OK and click Apply.
  34. Click OK.
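
The same procedure scripted with the ActiveDirectory PowerShell module, followed by a check of the result. This is an added example, not part of the original instructions. The server address localhost:389 is an assumption; the container, user and partition names are the example values used in the steps above.

```powershell
# Added example (not from the original page).
# Assumptions: the ActiveDirectory module is installed and the AD LDS
# instance is reachable at $Server; adjust both values for your instance.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'   # halt on the first failure, before any role change

$Server    = 'localhost:389'                   # assumed host:port of the AD LDS instance
$Partition = 'DC=wbmusersadldsdomain,DC=com'   # partition from the example DN in step 32
$Container = 'ADLDSAdminUsers'                 # example container name from step 13
$UserName  = 'adldsadmin'                      # example username from step 17

$containerDn = "CN=$Container,$Partition"
$userDn      = "CN=$UserName,$containerDn"
$adminsDn    = "CN=Administrators,CN=Roles,$Partition"
$lds         = @{ Server = $Server; Partition = $Partition }   # splatted below

# Steps 9-14: create the container under the partition
New-ADObject -Name $Container -Type container -Path $Partition -Server $Server

# Steps 15-18 and 22-26: create the user and set displayName to the username
New-ADUser -Name $UserName -DisplayName $UserName -Path $containerDn -Server $Server

# Steps 19-21: reset the password; prompting keeps it out of the script and history
$password = Read-Host -AsSecureString -Prompt "New password for $UserName"
Set-ADAccountPassword -Identity $userDn -Reset -NewPassword $password @lds

# Steps 27-29: set msDS-UserAccountDisabled to False
Set-ADObject -Identity $userDn -Replace @{ 'msDS-UserAccountDisabled' = $false } @lds

# Steps 30-34: add the user's DN to the member attribute of CN=Administrators
Set-ADObject -Identity $adminsDn -Add @{ member = $userDn } @lds

# Check: the account is enabled and is listed in the Administrators role
$user   = Get-ADObject -Identity $userDn   -Properties 'msDS-UserAccountDisabled' @lds
$admins = Get-ADObject -Identity $adminsDn -Properties member @lds
[pscustomobject]@{
    User             = $userDn
    AccountDisabled  = $user.'msDS-UserAccountDisabled'
    InAdministrators = $admins.member -contains $userDn
}

# Full membership of the role, so unexpected entries can be reviewed
$admins.member
```

The final listing shows every DN that holds the instance's Administrators role, which is worth reviewing whenever a member is added.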