Install Identity Management for UNIX Components

Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Note

Identity Management for UNIX is deprecated. If you try to upgrade a computer that runs Identity Management for UNIX, you may receive a warning that it must be removed before the upgrade can proceed. In that case, see Installing or removing Identity Management for UNIX by using a command line.

Identity Management for UNIX is considered a role service, or a software subcomponent, of the Active Directory Domain Services (AD DS) server role. This topic covers how to install Identity Management for UNIX using different versions of Windows Server.

To install or remove Identity Management for UNIX components

Refer to the following table for more information about the installation options for each operating system:

Operating system Installation and removal options

Windows Server 2012 R2 and Windows Server 2012

Installing or removing Identity Management for UNIX by using a command line

Windows Server 2008 R2

Installing Identity Management for UNIX by using the Windows interface

Installing Identity Management for UNIX by using Windows PowerShell

Installing or removing Identity Management for UNIX by using a command line

Windows Server 2008

Installing Identity Management for UNIX by using the Windows interface

Installing or removing Identity Management for UNIX by using a command line

Installing Identity Management for UNIX by using the Windows interface

Important

Server for NIS and Password Synchronization can be installed only on AD DS domain controllers.
This procedure applies to Windows Server 2008 R2 and Windows Server 2008.

To install Identity Management for UNIX components

  1. Open Server Manager. To open Server Manager, click Start , point to Administrative Tools , and then click Server Manager .

  2. In the tree pane, expand Roles .

  3. On the role home page for AD DS, in the Roles section, in the list of common tasks, click Add Role Services .

  4. On the Select Role Services page of the Add Role Services Wizard, select the Identity Management for UNIX role services that you want to install, and then click Next .

  5. If the wizard prompts you to install any other role services that are required by Identity Management for UNIX components, click Yes .

  6. After verifying your selections on the Confirm Installation Selections page, click Install .

    The computer must be restarted after the installation of Identity Management for UNIX finishes.

Note

You must be a member of the Administrators group on the local computer to install Identity Management for UNIX components.
Server Manager is available only to members of the Administrators group on the local computer. By default, Server Manager opens when an administrator logs on to the computer. You can open Server Manager from the Start menu, the Quick Launch bar, or from Administrative Tools.

Installing Identity Management for UNIX by using Windows PowerShell

This procedure applies only to Windows Server 2008 R2.

You can use the Windows PowerShell set of cmdlets for Server Manager to install Identity Management for UNIX.

To install Identity Management for UNIX by using Windows PowerShell

  1. Open a Windows PowerShell session with elevated user rights. To do this, click Start , click All Programs , click Accessories , click Windows PowerShell , right-click the Windows PowerShell shortcut, and then click Run as administrator .

  2. Load the Server Manager module into the Windows PowerShell session before working with Server Manager cmdlets. Type the following, and then press Enter .

    Import-Module Servermanager

Note

Windows PowerShell cmdlets are not case-sensitive.

  1. Do one of the following.

    • To install all Identity Management for UNIX components, type the following, and then press Enter . Add-WindowsFeature ADDS-Identity-Mgmt -restart

    • To install only Password Synchronization, type the following, and then press Enter . Add-WindowsFeature ADDS-Password-Sync -restart

    • To install only Server for NIS, type the following, and then press Enter . Add-WindowsFeature ADDS-NIS -restart

    A restart of the computer is required when you install Identity Management for UNIX. The -restart parameter restarts the computer automatically after installation is complete.

Note

Add the -whatIf parameter to your command to instruct Server Manager to show the list of all software that is installed by default as a result of the command. Running the command with the -whatIf parameter does not result in an actual installation; the command results show only what would be installed by an actual installation.

Installing or removing Identity Management for UNIX by using a command line

In Windows Server 2012 R2 and Windows Server 2012, use Dism.exe to install or remove Identity Management for UNIX. In Windows Server 2008 R2 and Windows Server 2008, use ServerManagerCmd.exe.

You can run Dism.exe or ServerManagerCmd.exe, from within any directory on the local computer. You must be a member of the Administrators group on the local computer.

Because of security restrictions imposed by User Account Control, you must run the commands in Windows PowerShell or in a Command Prompt window opened with elevated user rights.

To install or remove Identity Management for UNIX by using Dism.exe

  1. On a domain controller that runs Windows Server 2012 R2 or Windows Server 2012, Right-click Windows PowerShell and click Run as Administrator .

  2. Type one of the following, and then press ENTER:

    • Dism.exe /online /enable-feature /featurename:adminui /all to install the administration tools for Identity Management for UNIX.

      Dism.exe /online /disable-feature /featurename:adminui to remove the administration tools for Identity Management for UNIX.

Note

This installs or removes only the administration tools. Using Dism.exe, Server for NIS and Password Synchronization must be installed separately.

  - **Dism.exe /online /enable-feature /featurename:nis /all** to install Server for NIS.  
      
    **Dism.exe /online /disable-feature /featurename:nis** to remove Server for NIS.  
      
  - **Dism.exe /online /enable-feature /featurename:psync /all** to install Password Synchronization.  
      
    **Dism.exe /online /disable-feature /featurename:psync** to remove Password Synchronization.  
      

A restart of the computer is required when you install or remove Identity Management for UNIX. The **/quiet** parameter restarts the computer automatically after installation or removal is finished.

To install Identity Management for UNIX by using ServerManagerCmd.exe

  1. On a domain controller that runs Windows Server 2008 R2 or Windows Server 2008, open a Command Prompt window with elevated user rights. To do this, click Start , click All Programs , click Accessories , right-click Command Prompt , and then click Run as administrator .

  2. Type one of the following, and then press ENTER .

    • ServerManagerCmd.exe -install ADDS-Identity-Mgmt -restart to install all of Identity Management for UNIX

    • ServerManagerCmd.exe - install ADDS-NIS -restart to install Server for NIS

    • ServerManagerCmd.exe - install ADDS-Password-Sync -restart to install Password Synchronization

    A restart of the computer is required when you install Identity Management for UNIX. The -restart parameter restarts the computer automatically after installation is finished.

Note

Add the -whatIf parameter to your command to instruct Server Manager to show the list of all software that is installed by default by the command. Running the command together with the -whatIf parameter does not result in an actual installation. The command results show only what would be installed by an actual installation.

Special considerations for installing or removing Server for NIS

The NIS domain

Upon installation, Server for NIS creates a Network Information Service (NIS) domain that has the same name as the AD DS domain. Administrators can add users, groups, or computers to this domain. Moreover, administrators can migrate UNIX NIS domain data to Server for NIS and designate the Server for NIS computer as the master NIS server for the migrated domain.

Removing Server for NIS in master mode

If you remove Server for NIS while it is running on a master server, you must verify that another server is assigned the tasks of the master server. If other Windows-based subordinate NIS servers are in the domains supported by the master server that you remove, you must assign one of these servers the role of master server. Server for NIS cannot be a subordinate server to a master NIS server that is running on a UNIX-based operating system.

Removing Server for NIS in subordinate mode

If you remove Server for NIS while it is running as a subordinate server, the domain controller on which it was running will continue to receive NIS map updates through AD DS Synchronization.

Additional Configuration

Server for NIS and Password Synchronization require some additional configuration before they can operate in your enterprise. Password Synchronization requires the installation of specific components on UNIX hosts that will participate in password synchronization.

For more information about additional configuration steps, see the Checklists for these technologies: