Export (0) Print
Expand All
10 out of 12 rated this helpful - Rate this topic

Deploy using DBA-created databases (Office SharePoint Server)

Updated: March 26, 2009

Applies To: Office SharePoint Server 2007

Updated: 2009-03-26

In this topic:

About deploying by using DBA-created databases

In many IT environments, database administrators (DBAs) create and manage databases. Security policies and other policies in your organization might require that DBAs create the databases required by Microsoft Office SharePoint Server 2007.

This article discusses how DBAs can create these databases and farm administrators configure them. This article describes how to deploy Office SharePoint Server 2007 in an environment in which DBAs create and manage databases. The deployment includes all the required databases, one portal site, a Shared Services Administration Web site, My Sites, and one Shared Services Provider (SSP). This article only applies to farms that use Microsoft SQL Server 2000 with the most recent service pack or Microsoft SQL Server 2005 database software.

Some procedures in this article use the Psconfig or Stsadm command-line tools. These tools are located in the following folder: Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN.

NoteNote:

This article does not cover using the Office SharePoint Server 2007 graphical user interface tools to create or configure databases. For information about creating and configuring databases by using the Office SharePoint Server 2007 graphical user interface tools, see Deploy in a simple server farm (Office SharePoint Server).

Using these procedures, the DBA will create databases and the farm administrator will perform other configuration actions in the following order:

  • The configuration database (only one per farm).

  • The content database for Central Administration (only one per farm).

  • Central Administration Web application (only one per farm, created by Setup).

  • The Windows SharePoint Services search database (only one per farm).

  • Start the Office SharePoint Search service.

For each portal site:

  • Portal site Web application content database.

For each SSP:

  • A content database for the My Sites Web application (if the SSP is using its own Web application).

  • A content database for the Shared Services Administration Web application (if the SSP is using its own Web application).

  • SSP Search database (one per SSP).

  • SSP Web application (created by Setup if the SSP is using its own Web application).

NoteNote:

As part of the Web site and application pool creation process, a Web application is also created in Internet Information Services (IIS). Extending a Web application will create an additional Web site in IIS, but not an additional application pool.

Required database hardware and software

Before you install and configure the databases, be sure that your database servers have the recommended hardware and software. For more information about these requirements, see Determine hardware and software requirements (Office SharePoint Server).

There are also requirements specific to the database server, and, if you are using SQL Server 2005 database software, the DBA must configure surface area settings so that local and remote connections use TCP/IP only.

All of the databases required by Office SharePoint Server 2007 use the Latin1_General_CI_AS_KS_WS collation. All of the databases require that the Setup user account be assigned to them as the database owner (dbo, or db_owner).

For more information about the security requirements for these databases, see Plan for administrative and service accounts (Office SharePoint Server).

Required accounts

The DBA needs to create SQL Server logins for the accounts that are used to access the databases for Office SharePoint Server 2007 and add them to roles

For more information about the required accounts, including specific permissions and roles required for these accounts, see Plan for administrative and service accounts (Office SharePoint Server).

The following table describes the accounts that are used to access the databases for Office SharePoint Server 2007.

Account Purpose Requirements

SQL Server Service Account

This account is used as the service account for the following SQL Server services:

  • MSSQLSERVER

  • SQLSERVERAGENT

If you are not using the default instance, these services will be shown as:

  • MSSQL$InstanceName

  • SQLAgent$InstanceName

SQL Server prompts for this account during SQL Server Setup. You have two options:

  • Assign one of the built-in system accounts (Local System, Network Service, or Local Service) to the logon for the configurable SQL Server services. For more information about these accounts and security considerations, refer to the Setting Up Windows Service Accounts topic (http://go.microsoft.com/fwlink/?LinkId=121664&clcid=0x409) in the SQL Server documentation.

  • Assign a domain user account to the logon for the service. However, if you use this option you must take the additional steps required to configure Service Principal Names (SPNs) in Active Directory in order to support Kerberos authentication, which SQL Server uses.

Setup user account

The Setup user account is used to run the following:

  • Setup on each server

  • The SharePoint Products and Technologies Configuration Wizard

  • The PSConfig command-line tool

  • The Stsadm command-line tool

  • Domain user account

  • Member of the Administrators group on each server on which Setup is run

  • SQL Server login on the computer running SQL Server

  • Member of the following SQL Server security roles:

    • securityadmin fixed server role

    • dbcreator fixed server role

If you run Stsadm command-line tool commands that read from or write to a database, this account must be a member of the db_owner fixed database role for the database.

Server farm account/Database access account

The Server farm account is used to:

  • Act as the application pool identity for the SharePoint Central Administration application pool.

  • Run the Windows SharePoint Services Timer service.

  • Domain user account.

  • If the server farm is a child farm with Web applications that consume shared services from a larger farm, this account must be a member of the db_owner fixed database role on the configuration database of the larger farm.

Additional permissions are automatically granted for this account on Web servers and application servers that are joined to a server farm.

This account is automatically added as a SQL Server login on the computer running SQL Server and added to the following SQL Server security roles:

  • dbcreator fixed server role

  • securityadmin fixed server role

  • db_owner fixed database role for all databases in the server farm

NoteNote:

If you are using the least-privilege principle for added security, use a different account for each service, process, and application pool identity for each Web application. Each SSP will use two accounts, one for the SSP service account and one for the application pool identity for the Shared Services Administration Web application.

Create and configure the databases

Use the procedures in this section to create the required databases and give the accounts membership in the database Users security group and database roles.

The procedures require action by the DBA and the Setup user account. Each step is labeled [DBA] or [Setup] to indicate which role performs the action.

The following procedure will only have to be performed once for the farm, on the server you want to run the Central Administration Web site. The farm only has one configuration database and one content database for Central Administration.

Create and configure the configuration database, the Central Administration content database, and the Central Administration Web application

  1. [DBA] Create the configuration database and the Central Administration content database using the LATIN1_General_CI_AS_KS_WS collation sequence and set the database owner (dbo) to be the Setup user account.

  2. [Setup] Run Setup on each server computer in the farm. You must run Setup on at least one of these computers by using the Complete installation option.

    NoteNote:

    The rest of the farm servers will be configured after the procedures in the article are finished and the farm is established. You will run the SharePoint Products and Technologies Configuration Wizard on these servers by selecting the Yes, I want to connect to an existing server farm option, instead of by using the commands used in this procedure.

  3. [Setup] On the server on which you used the Complete installation option, do not run the SharePoint Products and Technologies Configuration Wizard after Setup. Instead open the command line, and then run the following command to configure the databases:

    Psconfig –cmd configdb –create –server <SqlServerName> –database <SqlDatabaseName> –user <DomainName\UserName> –password <password> –admincontentdatabase <SqlAdminContentDatabaseName>

    NoteNote:

    <SqlDatabaseName> is the configuration database. -user is the server farm account. <SqlAdminContentDatabaseName> is the Central Administration content database.

  4. [Setup] After the command has completed, run the SharePoint Products and Technologies Configuration Wizard and complete the remainder of the configuration for the server. This creates the Central Administration Web application and performs other setup and configuration tasks.

  5. [DBA] After the SharePoint Products and Technologies Configuration Wizard has completed, perform the following actions for both the configuration database and the Central Administration content database:

    • Add the Office SharePoint Server Search account, default content access account, and the SSP service account to the Users group.

    • Add the Office SharePoint Server Search account, default content access account, and the SSP service account to the WSS_Content_Application_Pools role.

  6. [Setup] To confirm that the databases were created and correctly configured, verify that the home page of the Central Administration Web site can be accessed. However, do not configure anything by using Central Administration at this time. If the Central Administration page does not render, verify the accounts used in this procedure and ensure that they are properly assigned.

The following procedure will only have to be performed once for the farm. The farm has only one Windows SharePoint Services search database.

Create and configure the Windows SharePoint Services Search database and start the Windows SharePoint Services Search service

  1. [DBA] Create the Windows SharePoint Services Search database using the LATIN1_General_CI_AS_KS_WS collation sequence and set the database owner (dbo) to be the Setup user account.

  2. [Setup] Open the command line, and then run the following command to configure the database and start the Windows SharePoint Services Search service:

    stsadm -o spsearch -action start -farmserviceaccount <DomainName\UserName> -farmservicepassword <password> -farmcontentaccessaccount <DomainName\UserName> -farmcontentaccesspassword <password> -databaseserver <server\instance> -databasename <DatabaseName>

    NoteNote:

    -farmserviceaccount is the server farm account. -farmcontentaccessaccount is the Office SharePoint Services Search service account. For -databaseserver, if you are using the default instance of SQL Server, you only have to specify the name of the computer running SQL Server.

The following procedure must be performed once for each server running indexing or search queries in the farm.

Start the Office SharePoint Server Search service on each server that will run search queries or indexing

  • [Setup] Open the command line, and then run the following command:

    stsadm -o osearch -action start -role <OsearchRole>-farmcontactemail <FarmContactEmail> -farmserviceaccount <DomainName\UserName> -farmservicepassword <password>

    For additional information, see Osearch: Stsadm operation (Office SharePoint Server).

NoteNote:

farmserviceaccount is the server farm account. role specifies what type of server role the server plays. The values for OsearchRole can be "Index", "Query", or "IndexQuery". For more information about these options, see Add query servers to expand a farm (Search Server 2008).

The following procedure will only have to be performed once for the farm. The farm only has one My Sites database. The My Sites Web application typically is hosted by its own SSP.

Create and configure the content database and Web application for My Sites

  1. [DBA] Create the My Sites content database using the LATIN1_General_CI_AS_KS_WS collation sequence and set the database owner (dbo) to be the Setup user account.

  2. [DBA] Add the SSP service account to the db_owner role for the My Sites Web application content database.

  3. [Setup] Open the command line, and then run the following command to configure the My Sites content database:

    stsadm.exe -o extendvs -url <url> -donotcreatesite -exclusivelyusentlm -databaseserver <DatabaseServerName> -databasename <DatabaseName> -apidtype configurableid -description <IISWebSiteName> -apidname <AppPoolName> -apidlogin <DomainName\UserName> -apidpwd <password>

    For additional information, see Extendvs: Stsadm operation (Office SharePoint Server).

    NoteNote:

    url is the URL (in the form http://hostname:port) of the My Sites Web application. databasename is the content database for the My Sites Web application. description is the text name you give to the Web site in IIS. apidname is the text name that you give to the Web application pool in IIS. apidlogin is the identity for the application pool in IIS. This is the application pool process account. If you are using Kerberos v5 authentication rather than NTLM authentication, use the negotiate parameter rather than the exclusivelyusentlm parameter

    ImportantImportant:

    This command must be run on the same computer that is indicated in the url parameter. This is the same computer that is running the My Sites Web application. The host name and port combination must not describe a Web application that already exists or an error will result without creating the Web application.

  4. [Setup] Open the command line, and then run the following command to restart IIS: iisreset /noforce.

You must create a Shared Services Administration site Web application for every SSP in the farm.

Create the content database and the Web application for the Shared Services Administration site

  1. [DBA] Create the Shared Services Administration site content database using the LATIN1_General_CI_AS_KS_WS collation sequence and set the database owner (dbo) to be the Setup user account.

  2. [DBA] Using SQL Server Management Studio, add the SSP service account to the Users group and then to the db_owner role for the Shared Services Administration site content database.

  3. [Setup] Open the command line, and then run the following command to create the Shared Services Administration site Web application and configure the content database:

    stsadm.exe -o extendvs -url <url> -donotcreatesite -exclusivelyusentlm -databaseserver <DatabaseServerName> -databasename <DatabaseName> -apidtype configurableid -description <IISWebSiteName> -apidname <AppPoolName> -apidlogin <DomainName\UserName> -apidpwd <password>

    For additional information, see Extendvs: Stsadm operation (Office SharePoint Server).

    NoteNote:

    url is the URL (in the form http://hostname:port) of the Shared Services Administration site Web application. databasename is the content database for the Shared Services Administration site Web application. description is the text name you give to the Web site in IIS. apidname is the text name that you give to the application pool in IIS. apidlogin is the identity for the application pool in IIS. This is the application pool process account. If you are using Kerberos v5 authentication rather than NTLM authentication, use the negotiate parameter rather than the exclusivelyusentlm parameter

    ImportantImportant:

    This command must be run on the same computer that is indicated in the url parameter. This is the same computer that is running the Shared Services Administration Web application. The host name and port combination must not describe a Web application that already exists or an error results and the Web application is not created.

  4. [Setup] Open the command line, and then run the following command to restart IIS: iisreset /noforce.

The following procedure will have to be performed once for each portal site in the farm.

Create and configure the portal site Web application content database

  1. [DBA] Create the portal site Web application content database using the LATIN1_General_CI_AS_KS_WS collation sequence and set the database owner (dbo) to be the Setup user account.

  2. [DBA] Using Microsoft SQL Server Management Studio, add the SSP Service account to the Users group and then to the db_owner role for the portal site Web application content database.

  3. [Setup] Open the command line, and then run the following command to configure the portal site Web application content database:

    stsadm.exe -o extendvs -url <url> -donotcreatesite -exclusivelyusentlm -databaseserver <DatabaseServerName> -databasename <DatabaseName> -apidtype configurableid -description <IISWebSiteName> -apidname <AppPoolName> -apidlogin <DomainName\UserName> -apidpwd <password>

    For additional information, see Extendvs: Stsadm operation (Office SharePoint Server).

    NoteNote:

    url is the URL (in the form http://hostname:port) of the portal site Web application. databasename is the content database for the portal site Web application. description is the text name you give to the Web site in IIS. apidname is the text name that you give to the Web application pool in IIS. apidlogin is the identity for the application pool in IIS. This is the application pool process account. If you are using Kerberos v5 authentication rather than NTLM authentication, use the negotiate parameter rather than the exclusivelyusentlm parameter.

    ImportantImportant:

    This command must be run on the same computer that is indicated in the url parameter. This is the same computer that is running the Web application. The host name and port combination must not describe a Web application that already exists or an error results and the Web application is not created.

  4. [Setup] Open the command line, and then run the following command to restart IIS: iisreset /noforce.

The following procedure must be performed once for each SSP in the farm.

Create and configure the SSP content database and SSP Search database, and then create and configure the SSP

  1. [DBA] Create the SSP content database and the SSP Search database using the LATIN1_General_CI_AS_KS_WS collation sequence and set the database owner (dbo) to be the Setup user account.

  2. [DBA] Using Microsoft SQL Server Management Studio, add the following accounts to the Users group and then to the db_owner role in both databases:

    • Server farm account

    • SSP Service account

    • Windows SharePoint Services Search service account

    • Office SharePoint Server Search service account

    • Application pool process account. This is the Web application pool identity for each Web application associated with the SSP. In this article, these are the Shared Services Administration Web application and the My Sites site Web application.

  3. [Setup] Open the command line, and then run the following command to create the SSP (the SSP will use the DBA-created SSP content database and the SSP Search database):

    stsadm -o createssp -title <SSPName> -url <url> -mysiteurl <url>-ssplogin <UserName> -ssppassword <password> -indexserver <IndexServerName>-indexlocation <IndexFilePath>-sspdatabaseserver <SSPDatabaseServerName> -sspdatabasename <SSPDatabaseName> -searchdatabaseserver <SearchDatabaseServer> -searchdatabasename <SearchDatabaseName>

    For additional information, see Createssp: Stsadm operation (Office SharePoint Server).

    NoteNote:

    url is the URL (in the format http://hostname:port/ssp/admin) of the Shared Services Administration site. mysiteurl is the URL (in the format http://hostname:port) of the My Sites Web site. ssplogin is the SSP service account in the format domain\username. indexserver is the name of the server that the index is hosted on. indexlocation is the directory on the index server where the farm administrator specified the index to be stored. By default this is SystemDrive:\Program Files\Microsoft Office Servers\12.0\Data\Office Server\Applications.

    ImportantImportant:

    This command must be run on the same computer that is indicated in the url parameter. This is the same computer that is running the Web applications. In this article, this is the server where the Shared Services Administration site Web application and the My Sites Web application are running.

Download this book

This topic is included in the following downloadable book for easier reading and printing:

See the full list of available books at Office SharePoint Server technical library.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.