Deploy Hosted Messaging and Collaboration Active Directory Collector

This section provides information on how to deploy Hosted Messaging and Collaboration Active Directory Collector.

Tasks

  1. Create Data Collection Service Accounts

  2. Assign Database Permissions to Data Collection Service Accounts

  3. Assign Active Directory Permissions to Data Collection Service Accounts

  4. Extend the Hosted Messaging and Collaboration Reporting Database

  5. Install the Active Directory Data Collection Tool

  6. Install the Operations Manager Data Collection Tool

  7. Install the Hosted Messaging and Collaboration Reporting Query Client

  8. Important Note regarding QueryClient Permissions

  9. Populate the SharePoint NLB Mapping Table

Create Data Collection Service Accounts

Procedure W08-DWR.16: To create Active Directory Data Collection Service Account (ADCollectorSvc)

  1. On AD01, open Active Directory Users and Computers and expand your domain (fabrikam.com).

  2. Create a new user account ADCollectorSvc, and set the password to never expire.

    Note

    The action account cannot have a blank password or a password that will expire.

Procedure W08-DWR.17: To create Operations Manager Data Collection Service Account (SCOMCollectorSvc)

  1. On AD01, open Active Directory Users and Computers and expand your domain (fabrikam.com).

  2. Create a new user account SCOMCollectorSvc, and set the password to never expire.

    Note

    The action account cannot have a blank password or a password that will expire.

Procedure W08-DWR.18: To add the SCOMCollectorSvc account to the Operations Manager Read-Only Operators group

  1. Log on to OMMGR01 as OMAdmin, and then start the System Center Operations Console.

  2. Expand Administration, expand Security, and then select User Roles.

  3. Right-click Operations Manager Read-Only Operators, and then select Properties.

  4. Add SCOMCollectorSvc to the group.

Assign Database Permissions to Data Collection Service Accounts

Procedure W08-DWR.19: To assign database permissions to Data Collection service accounts

  1. On OMSQL01, open SQL Server Management Studio and expand OMSQL01.

  2. Add two new login accounts according to the following table:

    Login name                 Security authentication  Default database  User mapping database  Database role
    -------------------------  -----------------------  ----------------  ---------------------  -------------
    Fabrikam\ADCollectorSVC    Windows Authentication   PWDB40            PWDB40                 db_owner
    Fabrikam\SCOMCollectorSVC  Windows Authentication   PWDB40            PWDB40                 db_owner
                                                                          OperationsManager      db_datareader

    Assign Active Directory Permissions to Data Collection Service Accounts

    Procedure W08-DWR.20: To assign Active Directory permissions to Data Collection service accounts

    1. Log on to AD01 as Fabrikam\Administrator.

    2. Run Active Directory Users and Computers. Click the View menu, and then select Advanced Features.

    3. Assign READ permission to the AD collector service account on the following AD objects with inheritance:

      • "OU=Domain Controllers,DC=fabrikam,DC=com"

      • "CN=Computers,DC=fabrikam,DC=com"

      • "OU=Hosting,DC=fabrikam,DC=com"

      • "CN=Deleted Objects,DC=fabrikam,DC=com"

        1. Use the domain administrator account to take ownership of the deleted objects container. Open a command prompt, and then run the following command:

          dsacls "CN=Deleted Objects,DC=Fabrikam,DC=com" /takeownership
          
        2. Grant Read access to the ADCollectorSVC using the following command:

          dsacls "CN=Deleted Objects,DC=Fabrikam,DC=com" /g FABRIKAM\ADCollectorSVC:GR
          

    Extend the Hosted Messaging and Collaboration Reporting Database

    Procedure W08-DWR.21: To extend the Hosted Messaging and Collaboration Reporting Database

    1. Log on to OMSQL01 as OMAdmin.

    2. From the Hosted Messaging and Collaboration installation media, open a command prompt, change directory to \Monitoring and Reporting, and then run the following command:

      msiexec /i HMCReportDB.msi /norestart /passive DBHOSTNAME=OMSQL01 DBDATABASE=PWDB40 ADHOSTING=LDAP://OU=Hosting,dc=fabrikam,dc=com
      

    Note

    This database extends the functionality of the PWDB40 database. Thus, it must be installed on the same server as that of the PWDB40 database, and the database name must be specified as PWDB40.

    Install the Active Directory Data Collection Tool

    Procedure W08-DWR.22: To install the Active Directory Data Collection Tool

    1. Log on to OMSQL01 as OMAdmin.

    2. From the Hosted Messaging and Collaboration installation media, open a command prompt, change directory to \Monitoring and Reporting, and then run the following command:

      msiexec /i ADCollector.msi /norestart /passive DBHOSTNAME=OMSQL01 DBDATABASE=PWDB40 SVCRUNAS=FABRIKAM\ADCollectorSVC SVCRUNASPWD=Password
      

      (where Password matches the password already assigned to the FABRIKAM\ADCollectorSVC account)

    Install the Operations Manager Data Collection Tool

    Procedure W08-DWR.23: To install the Operations Manager Data Collection Tool

    1. Log on to OMSQL01 as OMAdmin.

    2. From the Hosted Messaging and Collaboration installation media, open a command prompt, change directory to \Monitoring and Reporting, and then run the following command:

      msiexec /i ScomCollector.msi /norestart /passive DBHOSTNAME=OMSQL01 DBDATABASE=PWDB40 SVCRUNAS=FABRIKAM\ScomCollectorSVC SVCRUNASPWD=Password SCOMHOST=ommgr01.fabrikam.com
      
    3. From the <system drive>:\program files\System Center Operations Manager 2007\SDK Binaries folder on OMMGR01, copy the following Operations Manager 2007 SDK binaries to the installation folder of the Operations Manager Data Collection Tool on OMSQL01 (<system drive>:\Program Files\Microsoft Provisioning\Monitoring and Reporting):

      • Microsoft.EnterpriseManagement.OperationsManager.Common.dll

      • Microsoft.EnterpriseManagement.OperationsManager.dll

    Install the Hosted Messaging and Collaboration Reporting Query Client

    Procedure W08-DWR.24: To install the Hosted Messaging and Collaboration reporting query client

    1. Log on to PROV01 as FABRIKAM\Administrator.

      Note

      QueryClient.msi should not be deployed on the same server as HMCReportDB.msi because they read and write registry keys/values in the same registry path.

    2. From the Hosted Messaging and Collaboration installation media, open a command prompt, change directory to \Monitoring and Reporting, and run the following command:

      msiexec /i QueryClient.msi /norestart /passive DBHOST=OMSQL01 DBNAME=PWDB40
      
    3. Verify that the Hosted Messaging and Collaboration Reporting Query Client has set the correct registry keys. On PROV01, run Regedit, and then navigate to the following key:

      HKLM\Software\Microsoft\Provisioning\Monitoring and Reporting

    4. Verify the settings for Reporting Database and Reporting Database Server.

    Important Note regarding QueryClient Permissions

    The Hosted Messaging and Collaboration Reporting Query Client is a managed code API that customer applications can use to retrieve tenant information and availability data from the Hosted Messaging and Collaboration Reporting Database. The user or service account that calls the Query Client requires the following permissions on the Hosted Messaging and Collaboration Reporting Database (PWDB40):

    • Read permission on [ErrorLookup] table

    • Execute permission on five stored procedures listed in the following table:

    Stored Procedure       Description
    ---------------------  ------------------------------------------------
    spGetService           Used to enumerate services
    spGetOrgsByServer      Used in GetOrgsByServer method in QueryClient
    spGetUsersByServer     Used in GetUsersByServer method in QueryClient
    spGetOrgServiceState   Used in GetOrgServiceState method in QueryClient
    spGetUserServiceState  Used in GetUserServiceState method in QueryClient
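
    The permission set above, scripted as a dedicated database role so the calling account receives only these six grants. This is an added example, not part of the original guide: the role name HmcQueryClientCaller, the account FABRIKAM\ReportingAppSvc and the dbo schema are assumptions to adjust for your environment.

```sql
-- Added example: least-privilege access for an account that calls the Query Client.
-- Assumptions: role name, account name and the dbo schema are hypothetical.
USE PWDB40;
GO

-- Hypothetical Windows account that runs the application calling the Query Client.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'FABRIKAM\ReportingAppSvc')
    CREATE LOGIN [FABRIKAM\ReportingAppSvc] FROM WINDOWS WITH DEFAULT_DATABASE = [PWDB40];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'FABRIKAM\ReportingAppSvc')
    CREATE USER [FABRIKAM\ReportingAppSvc] FOR LOGIN [FABRIKAM\ReportingAppSvc];
GO

-- One role carries the whole permission set; callers are added as members.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'HmcQueryClientCaller' AND type = 'R')
    CREATE ROLE HmcQueryClientCaller;
GO

-- Read on the ErrorLookup table, Execute on the five stored procedures.
GRANT SELECT  ON OBJECT::dbo.ErrorLookup           TO HmcQueryClientCaller;
GRANT EXECUTE ON OBJECT::dbo.spGetService          TO HmcQueryClientCaller;
GRANT EXECUTE ON OBJECT::dbo.spGetOrgsByServer     TO HmcQueryClientCaller;
GRANT EXECUTE ON OBJECT::dbo.spGetUsersByServer    TO HmcQueryClientCaller;
GRANT EXECUTE ON OBJECT::dbo.spGetOrgServiceState  TO HmcQueryClientCaller;
GRANT EXECUTE ON OBJECT::dbo.spGetUserServiceState TO HmcQueryClientCaller;
GO

EXEC sp_addrolemember N'HmcQueryClientCaller', N'FABRIKAM\ReportingAppSvc';
GO

-- Review the object-level grants the role actually holds (class 1 = object or column).
SELECT pr.name                  AS role_name,
       pe.state_desc            AS grant_state,
       pe.permission_name,
       OBJECT_NAME(pe.major_id) AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'HmcQueryClientCaller' AND pe.class = 1
ORDER BY securable;
```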

    Populate the SharePoint NLB Mapping Table

    You must populate Windows SharePoint Server definitions for each front-end SharePoint server in your environment into the GroupServerMapping table in the Hosted Messaging and Collaboration Reporting Database PWDB40.

    The following table assumes that you have two SharePoint front-end servers behind a load-balanced vIP (with a DNS name of WSSLBFE) for your SharePoint server farm:

    GroupID               ServerFqdn
    --------------------  ---------------------
    https://WSSLBFE:8080  collab01.fabrikam.com
    https://WSSLBFE:8080  collab02.fabrikam.com

    Procedure W08-DWR.25: To populate the SharePoint NLB mapping table

    1. Open a SQL query window for the Hosted Messaging and Collaboration Reporting Database PWDB40.

    2. Run the stored procedure, which should be modified as necessary to represent the server names and DNS name for your SharePoint servers:

      1. If you have multiple SharePoint front-end servers in your web farm, provide a SQL statement for each server, providing the shared (load-balanced) vIP name and the unique server name:

        exec spInsertGroupServerMapping 'https://WSSLBFE:8080', 'collab01.fabrikam.com'
        exec spInsertGroupServerMapping 'https://WSSLBFE:8080', 'collab02.fabrikam.com'
        
      2. If you have only a single front-end SharePoint server, provide a SQL statement for the server, providing the admin URL and the unique server name:

        exec spInsertGroupServerMapping 'https://collab01:8080', 'collab01.fabrikam.com'