Verifying Database Restoration
2/9/2009
After running the script queries, you should verify that the databases were restored properly by making sure that the accounts and permissions are intact.
Remote Databases
When installed with remote databases, MDM setup configures the following user accounts and roles for each database.
Database | User account | Database Roles |
---|---|---|
AdminServices |
<domain>\SCMDMDeviceManagementServers |
ServiceAdmin, ServiceDriver, VPNAdmin, VPNPowerUSer |
<domain>\SCMDMEnrollmentServers |
ServiceAdmin, ServiceDriver |
|
<domain>\SCMDMServerAdministrators |
ServiceAdmin |
|
MobileEnrollment |
<domain>\SCMDMEnrollmentServers |
EnrollmentServer |
NT AUTHORITY\ANONYMOUS LOGON |
EnrollmentWebService |
|
TEEDB |
<domain>\SCMDMDeviceManagementServers |
PublicAPI, TEE |
SUSDB |
<domain>\<server name>$ |
Public |
Local Databases
When installed with local databases, MDM setup configures the following user accounts and roles for each database.
Database | User account | Database Roles |
---|---|---|
AdminServices |
<domain>\SCMDMServerAdministrators |
ServiceAdmin |
NT AUTHORITY\NETWORK SERVICE |
ServiceAdmin, ServiceDriver, VPNAdmin, VPNPowerUser |
|
MobileEnrollment |
NT AUTHORITY\LOCAL SERVICE |
EnrollmentWebService |
NT AUTHORITY\NETWORK SERVICE |
EnrollmentServer |
|
TEEDB |
<domain>\SCMDMDeviceManagementServers |
PublicAPI, TEE |
NT AUTHORITY\NETWORK SERVICE |
PublicAPI, TEE |
Active Directory Service Connection Point
To verify the Active Directory service connection point (SCP), follow these steps:
- Download the Active Directory Service Interfaces tool at this Microsoft Web site:
https://go.microsoft.com/fwlink/?LinkId=109940 - Open a Microsoft Management Console (MMC) window.
- Add the ADSIEdit snap-in.
- Connect to the domain.
- Expand the domain, expand DC=domain,DC=company name,DC=com, expand CN=System, expand CN=SCMDM, right-click CN=<instance name>, and then select Properties.
- In the CN=<instance name> Properties dialog box, on the Attribute Editor tab, in the Attributes box, scroll down and select keywords, and then select Edit.
- In the Multi-valued String Editor dialog box, in the Values box, select database=<old SQL Server>, select Remove. If only the SQL Server instance was changed and SQL Server still runs on the same computer, then select sqlinstance=<old SQL Server instance> instead of database=<old SQL Server>.
- In the Value to add box, change the old SQL Server to the new SQL Server, select Add, and then select OK.
- In the CN=<instance name> Properties dialog box, select Apply, and then select OK.
- Start all of the MDM services:
- SCMDM ADGP Service
- SCMDM Enrollment Service
- SCMDM GCM Service
- SCMDM Password Recovery Service
- SCMDM Software Distribution Service
- SCMDM Wipe Service