Overview
LDAP stands for Lightweight Directory Access Protocol. In this context, the protocol lets us set up user authentication as a centralised service.
The architecture consists of a Domain Controller, which either allows or denies a user's authentication. Authentication is still done with the usual username and password, but this time the accounts are created on the domain rather than directly on each server.
Authentication is handled by the Domain Controller using Kerberos and a small directory database.
To set this up, we have to install and enable the feature on the server. Please follow the instructions below:
Install the LDAP Features
To enable this feature, open Server Manager:
Server Manager → Manage → Add Roles and Features
Before you begin → Next
Installation Type → Role-Based or Feature-Based Installation → Next
Server Selection → Select your server → Next
Server Roles → Click on: Active Directory Domain Services → Next
Add Roles and Features Wizard → Add Features
Server Roles → Next
Features → Next
Active Directory Domain Services (AD DS) → Next
Confirmation → tick "Restart the destination server automatically if required"
Results → wait for it to complete :) → Close
Nice, so we have enabled LDAP. Now we have to promote our server to a domain controller, that is, the server which will CONTROL the authentication.
Server Manager → AD DS → More → Promote this server to a domain controller
Deployment Configuration → Create a new forest → Enter the domain name (e.g. sqldom.com) → Next
Domain Controller Options → Enter the DSRM (Directory Services Restore Mode) password → Next
Additional Options → Next
Paths → Next
Review Options → Next
Prerequisites Check → Install → Wait → the server will restart automatically
After you add a couple of servers (instructions below), you will have something like this:
Add server to Domain
Now that we have a domain controller, let's see what our architecture looks like:
winnodea - Domain Controller, IP: 10.20.14.6
winnodeb - Not part of the domain, IP: 10.20.14.5
To add winnodeb to the domain, go to the server you wish to add and ensure that its DNS server points to the domain controller (10.20.14.6):
After that, follow these steps to add the computer to the domain:
Right-click on Computer → Properties → Change settings
System Properties → "Computer Name" tab → Change
Computer Name/Domain Changes → Select the Domain radio button and enter the domain name
Provide the credentials for the DOMAIN CONTROLLER
The computer will restart automatically, and after logging in you will be able to use the domain account :)
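The same two procedures (installing AD DS and promoting winnodea, then joining winnodeb) can be scripted instead of clicked through. This is an added example, not part of the original post; it assumes the names used above (sqldom.com, 10.20.14.6, NetBIOS name SQLDOM) and an adapter alias of "Ethernet" on winnodeb, which is an assumption to check with Get-NetAdapter.

```powershell
# Added example, not from the original post. Run each function in an elevated
# Windows PowerShell session on the server named in its comment.

function Install-LabDomainController {
    # Run on winnodea: install the AD DS role, run the prerequisite checks,
    # then create the forest. The server reboots when promotion completes.
    param(
        [string]$DomainName  = 'sqldom.com',
        [string]$NetbiosName = 'SQLDOM'      # assumption: the NetBIOS name the wizard would propose
    )
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

    # Prompt for the DSRM password instead of hard-coding it in the script.
    $dsrm = Read-Host -Prompt 'DSRM password' -AsSecureString

    # Same checks as the wizard's "Prerequisites Check" page; stop if any fails.
    $check = Test-ADDSForestInstallation -DomainName $DomainName -DomainNetbiosName $NetbiosName `
        -SafeModeAdministratorPassword $dsrm -InstallDns
    if ($check.Status -ne 'Success') {
        throw "Prerequisite check failed: $($check.Message)"
    }

    Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetbiosName `
        -SafeModeAdministratorPassword $dsrm -InstallDns -Force
}

function Join-LabDomain {
    # Run on winnodeb: point DNS at the DC, verify the DC is reachable through
    # DNS, then join the domain and reboot (the System Properties steps above).
    param(
        [string]$DomainName = 'sqldom.com',
        [string]$DcAddress  = '10.20.14.6',
        [string]$Interface  = 'Ethernet'     # assumption: adjust to your adapter alias
    )
    Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $DcAddress

    # A healthy DC publishes an LDAP SRV record; fail early if DNS is wrong,
    # because a join attempt with bad DNS only produces a confusing error later.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction SilentlyContinue
    if (-not $srv) {
        throw "No domain controller SRV record for $DomainName via $DcAddress"
    }

    # Prompts for a domain account that is allowed to join computers, then restarts.
    $cred = Get-Credential -Message "Account allowed to join $DomainName"
    Add-Computer -DomainName $DomainName -Credential $cred -Restart
}
```

After winnodeb comes back up, `Test-ComputerSecureChannel` returns True when the machine's trust relationship with the domain controller is intact.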