Classic Metadirectory Walkthrough: Lab Setup

Applies To: Windows Server 2003 with SP1

Previous Steps in This Walkthrough

  1. Classic Metadirectory Overview

  2. Scenario Design

Scenario Requirements and Lab Setup

The Classic Microsoft Identity Integration Server 2003 scenario requirements must be met to perform the scenario setup and the step-by-step walkthrough of the scenario. The knowledge requirements include an understanding of the different systems used as connected data sources. The lab requirements consist of basic server hardware requirements and specific software and scenario files. Setting up the lab for this scenario entails the configuration of the connected data sources and the server hosting Microsoft Identity Integration Server 2003.

Knowledge Prerequisites

The individual responsible for setting up the lab for this scenario should have a complete knowledge of the following:

  • Installing and configuring Active Directory.

  • Installing and configuring Sun ONE Directory Server 5.1 Directory Server.

  • Installing Microsoft® Windows® Server 2003, Enterprise Edition.

  • Installing and configuring Microsoft® SQL Server 2000, Enterprise Edition, with Service Pack 3 (SP3).

Lab Requirements

To complete this scenario, two servers must be set up and configured.

Hardware Requirements

The following are the minimum hardware requirements for the two servers used in this scenario:

  • Pentium II 500.

  • 256 MB of RAM.

  • 8 GB hard disk.

  • Network adapter.

  • 4 MB video adapter.

  • SVGA monitor (800x600) or greater resolution.

  • Microsoft Mouse or compatible pointing device.

Software Requirements

Ensure that you have the following software available:

  • Windows Server 2003, Enterprise Edition

  • Microsoft Identity Integration Server 2003

Setup File Requirements

The setup files for this scenario are located in the following folder along with this document:

\Scenarios\ClassicMetadirectory

It is recommended that you copy these setup files into a directory on the servers running Microsoft Identity Integration Server 2003 and Active Directory.

Lab Setup

The table below lists the hardware and software setup for this scenario.

Server | Configuration
Active Directory/Exchange/Sun ONE Directory Server 5.1 server. Name: fabnoa-dc-01 | Active Directory and required Active Directory organizational units (OUs) created using scenario-specific scripts, Sun ONE Directory Server 5.1. Exchange is not installed.
Microsoft Identity Integration Server 2003 server, HR database server. Name: fab-miis-1 | Microsoft Identity Integration Server 2003, Windows Server 2003, Enterprise Edition; SQL Server 2000 SP3, Enterprise Edition; Visual Studio .NET

Setting Up the First Server

The first server configured in the lab will run Windows Server 2003, Enterprise Edition, and be configured as an Active Directory domain controller and a Sun ONE Directory Server 5.1 Directory server. Once Active Directory is set up, you will use the scripts provided for this scenario to create the necessary Active Directory organizational units (OUs).

The installation procedure for Sun ONE Directory Server 5.1 Directory Server is not included in this document, and you should therefore have a copy of the Sun ONE Directory Server 5.1 Directory Server guide available. The Sun ONE Directory Server 5.1™ Directory Server installation guide is available at https://docs.sun.com/.

Windows Server 2003 and Active Directory Setup

While setting up the first server with Windows Server 2003, you will specify the name of the server and use standard installation settings. After you have set up Active Directory on the same server, you will create the Active Directory organizational units for this scenario using the scripts provided along with this scenario document.

Important

The default password policy settings in Windows Server 2003 require user passwords to be more complex than the passwords that are assigned to the sample users provided for this scenario. Therefore, in order to successfully import the sample users into the Active Directory of your test environment, you must disable the complexity requirements for your test domain’s password policy. For more information about disabling password complexity in a domain, see “To apply or modify password policy” in Help and Support Center for Windows Server 2003.

To install Windows Server 2003 from the operating system CD

  1. Insert the Windows Server 2003 operating system CD in the CD-ROM drive.

  2. Follow the prompts to install Windows Server 2003, Enterprise Edition, by using the parameters in the table below. Respond to all other installation prompts with information appropriate for your server or location. (Unless indicated, accept the default option.)

When prompted for | Use this configuration
Licensing Mode | Per Device or Per User
Server Name | fabnoa-dc-01

  3. When installation is complete, restart the server.

To install Active Directory

  1. Click Start, click Run, and then type: dcpromo

  2. In the Active Directory Installation Wizard, on the Domain Controller Type page, click Domain controller for a new domain, and then click Next.

  3. On the Create New Domain page, click Domain in a new forest, and then click Next.

  4. On the New Domain Name page, type: fabnoa.fabcorp.fabrikam.com

  5. Click Next.

  6. On the NetBIOS Domain Name page, verify the NetBIOS name, and then click Next.

  7. On the Database and Log Folders page, type the location in which you want to install the database and log folders, or click Browse to choose a location, and then click Next.

  8. On the Shared System Volume page, type the location in which you want to install the SYSVOL folder, or click Browse to choose a location, and then click Next.

  9. On the DNS Registration Diagnostics page, click Install and configure the DNS server on this server, and set this computer to use this DNS server as its preferred DNS server, and then click Next.

  10. On the Permissions page, select the following:

    Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems

  11. Review the Summary page, and then click Next to begin the installation.

  12. Restart the server.

  13. Log on as Administrator and copy the scenario setup files from the \Scenarios\ClassicMetadirectory directory on the installation media to the following directory on the server: C:\Scenarios\ClassicMetadirectory

To create the organizational unit structure within the new Active Directory domain

  1. Log on as Administrator.

  2. Locate the file buildad.cmd in the directory C:\Scenarios\ClassicMetadirectory and open the file by using Notepad.

  3. Change the following variables to reflect your scenario:

    • Servername If you run the buildad.cmd script remotely, this variable must be the computer name of the Active Directory domain controller to which you are connecting.

    • Username The name of an administrator account that is allowed to create objects in Active Directory.

    • Domainname The NetBIOS name of the Active Directory domain (FABNOA).

    • Password The password of the administrator account.

Note

If you use a domain name other than fabnoa.fabcorp.fabrikam.com, you need to perform the following two extra steps:

Step 1: While editing the buildad.cmd file, change the line “set addomain=dc=fabnoa,dc=fabcorp,dc=fabrikam,dc=com” to match the distinguished name of your domain.

Step 2: Prior to running buildad.cmd, edit the fabrikam-ad-users.ldif file by replacing all fabnoa.fabcorp.fabrikam.com strings with the DNS fully qualified domain name of your domain.

  4. Save the changes to buildad.cmd and close Notepad.

  5. At the command line, run buildad.cmd.

The buildad.cmd script creates five organizational unit (OU) objects in Active Directory (at the same level as Builtin and Users). One OU is named after the Active Directory server, fabnoa-dc-01. Under this OU, another OU with the name of the scenario, ClassicMetadirectory is created. Under the ClassicMetadirectory OU, a Fabrikam OU is created and populated with two other OUs named Users and Groups, which are also populated with users and groups, respectively. Note that the groups are empty upon creation. The three containers used in this scenario are depicted in the following figure.


Figure 1.4: Active Directory OUs for Classic Microsoft Identity Integration Server 2003 Scenario

Sun ONE Directory Server 5.1 Directory Server Setup

Sun ONE Directory Server 5.1 Directory Server will be installed on the server running Active Directory. To set up Sun ONE Directory Server 5.1 Directory Server, see the Sun ONE Directory Server 5.1 Directory Server installation guide. Once Sun ONE Directory Server 5.1 Directory Server is installed, configure the server with the Sun ONE Directory Server 5.1 Directory Server setup files for this scenario.

To install Sun ONE Directory Server 5.1 Directory Server setup files

  1. Log on as Administrator to the Active Directory server.

  2. If you have not copied the scenario setup files from the Microsoft Identity Integration Server 2003 installation media, copy the setup files from \Scenarios\ClassicMetadirectory directory on the installation media to the following directory on the server: C:\Scenarios\ClassicMetadirectory

  3. Open the import-users-iPlanet.cmd file using Notepad.

  4. Adjust the -s and -a command line options in the file with the server name and credentials of your Sun ONE Directory Server 5.1 server.

  5. Adjust the -t command line option in the file with the port of your Sun ONE Directory Server 5.1 server. Also, if Sun ONE Directory Server 5.1 and Active Directory are running on the same computer, in import-users-iPlanet.cmd, configure Sun ONE to use port 389 (set port =389), because both directories cannot use the same port. For example: ldifde -i -f fabrikam-iPlanet-users.ldif -s %servername% -a %username% %password% -t %port%.

  6. Open the fabrikam-iPlanet-users.ldif file by using Notepad.

  7. Adjust the Suffix and Container name (e.g. “ou=People,dc=fabrikam,dc=com”) with the suffix and container of the Sun ONE Directory Server 5.1 server that you want to use for the scenario.

  8. Save and close the fabrikam-iPlanet-users.ldif file.

Note

It is recommended that you create a Suffix dc=fabrikam,dc=com and within it an OU called People for this scenario. This will eliminate the need to adjust the import file.

  9. From the command prompt, switch to the following directory: C:\Scenarios\ClassicMetadirectory

  10. Then type: import-users-iPlanet.cmd

Important

If you do not follow the naming instructions, you will need to edit your import file as follows:

  1. Open Notepad.

  2. Open the import file import-users-iPlanet.cmd in Notepad.

  3. Click Edit, and then click Replace.

  4. In Find, type: ou=People,dc=fabrikam,dc=com

  5. In Replace, type the container where you want to import the objects.

  6. Click Replace All.

  7. Save the file, and then close Notepad.
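The find-and-replace edits described in the notes above (the domain string in fabrikam-ad-users.ldif and the container in the Sun ONE import data) can miss a value if the LDIF file folds it across lines or stores it base64-encoded. The following is an added example, not part of the original walkthrough or the scenario files: a Python sketch that applies the same replacement in an LDIF-aware way. The sample entries and the target container ou=Staff,dc=example,dc=org are constructed for illustration.

```python
import base64
import re

# Constructed sample (not the scenario's real file): one plain DN, one value
# folded across two lines, and one base64 ("dn::") entry with a non-ASCII name.
OLD = "ou=People,dc=fabrikam,dc=com"  # container string quoted on the page
SAMPLE = (
    "dn: uid=jdoe,ou=People,dc=fabrikam,dc=com\n"
    "objectClass: inetOrgPerson\n"
    "manager: uid=boss,ou=People,dc=fabri\n"
    " kam,dc=com\n"
    "\n"
    "dn:: " + base64.b64encode(("uid=zo\u00eb," + OLD).encode("utf-8")).decode("ascii") + "\n"
    "objectClass: inetOrgPerson\n"
)

def unfold(text):
    """Join LDIF continuation lines (a line that starts with a single space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def retarget(text, old, new):
    """Replace `old` with `new` in every value; return (new_text, hit_count)."""
    pattern = re.compile(re.escape(old), re.IGNORECASE)
    out, hits = [], 0
    for line in unfold(text):
        b64 = re.match(r"^([A-Za-z0-9;.-]+)::\s*(\S+)$", line)
        if b64:
            try:
                value = base64.b64decode(b64.group(2)).decode("utf-8")
            except ValueError:  # binary attribute (photo, certificate): leave as is
                out.append(line)
                continue
            value, n = pattern.subn(lambda _: new, value)
            if n:
                encoded = base64.b64encode(value.encode("utf-8")).decode("ascii")
                line = b64.group(1) + ":: " + encoded
        else:
            line, n = pattern.subn(lambda _: new, line)
        hits += n
        out.append(line)
    return "\n".join(out) + "\n", hits

if __name__ == "__main__":
    fixed, hits = retarget(SAMPLE, OLD, "ou=Staff,dc=example,dc=org")
    print(f"Literal matches: {SAMPLE.count(OLD)}, LDIF-aware matches: {hits}")
    print(fixed)
```

The output is written with lines unfolded; folding is optional in LDIF. Comparing the two match counts before an import shows whether a plain text replace would have left entries pointing at the old container.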

Setting Up the Second Server

The second server in the Classic Microsoft Identity Integration Server 2003 Scenario lab will be configured with the following software and in the following order:

  1. Windows Server 2003, Enterprise Edition

  2. SQL Server 2000, Enterprise Edition and SQL Server 2000 SP3

  3. Microsoft Identity Integration Server 2003

The following installation and configuration instructions assume that Windows Server 2003, Enterprise Edition, and Microsoft Identity Integration Server 2003 will be installed on the C: drive of the server.

Important

These instructions are designed to be performed in a particular sequence. Performing any of these steps out of order may cause the scenario not to work.

Windows Server 2003 Enterprise Edition Setup

You will perform a standard Windows Server 2003 installation and join the server to the Active Directory domain you created on the first server in the lab.

To install Windows Server 2003 from the operating system CD

  1. Insert the operating system CD in the CD-ROM drive, and wait for Setup to display a dialog box.

  2. Follow the prompts to install Windows Server 2003 by using the parameters in Table 1.15. Respond to all other installation prompts with information appropriate for your server or location. (Unless indicated, accept the default option.)

When prompted for | Use this configuration
Licensing Mode | Per Device or Per User
Server Name | fab-miis-1
Administrator password | You may use any password. You should write the password down for future reference.
Windows 2000 Components (optional) | Select Management and Monitoring Tools and then choose Network Monitor Tools and Terminal Services
Terminal Services Setup (if you chose to install this option above) | Remote administration mode
Networking Settings | Typical. You will specify the DNS settings for the TCP/IP connection used by the server after installation.
Workgroup or Domain | Choose default setting: No, this computer is not on a network, or is on a network without a domain. After installation, you will join the server to the fabnoa.fabcorp.fabrikam.com domain hosted on the first server you set up.

  3. When installation is complete, restart the server.

Next, configure the TCP/IP properties for the network adapter of the server with a DNS server so that you can join this server to the fabnoa.fabcorp.fabrikam.com Active Directory domain hosted on the first server you set up.

To configure TCP/IP settings for DNS

  1. Click Start, click Control Panel, and then click Network Connections.

  2. Right-click the network connection you want to configure, and then click Properties.

  3. On the General tab (for a local area connection) or the Networking tab (for all other connections), click Internet Protocol (TCP/IP), and then click Properties.

  4. Click Use the following DNS server addresses, and in Preferred DNS server or Alternate DNS server, type the IP address of the domain controller you configured as the first server for this lab scenario.

This IP address will be used by the server to locate the DNS server running on the domain controller, and thereby locate the domain controller in order to join the domain fabnoa.fabcorp.fabrikam.com.

To join the server to the fabnoa.fabcorp.fabrikam.com Active Directory domain

  1. Click Start, click Control Panel, and then click System.

  2. On the Computer Name tab, click Change.

  3. Under Member of, click Domain, type the domain name fabnoa.fabcorp.fabrikam.com, and then click OK.

  4. You will be prompted to provide a user name and password to join the server to the domain.

  5. Click OK to close the System Properties dialog box.

    You will be prompted to restart your server to apply your changes.

SQL Server 2000 Setup

The second server in the lab will also run SQL Server 2000, Enterprise Edition.

To install SQL Server 2000

  1. Follow the installation instructions that accompanied your copy of SQL Server 2000, or follow the instructions provided online at https://support.microsoft.com/default.aspx?scid=kb;en-us;Q303747.

Important

Select Windows security for SQL Server during setup. Specify that the service use the local system service account.

To install SQL Server 2000 SP3

  1. Follow the installation instructions that accompanied your copy of SQL Server 2000 SP3, or follow the instructions provided online at https://support.microsoft.com/default.aspx?scid=/support/servicepacks/SQL/2000/SP3ReadMe.asp#_3.0_service_pack_installation.

  2. After setup, ensure that the SQL Server service is running. If you are not sure, from the command prompt, type:

    net start mssqlserver

MIIS 2003 Setup

Microsoft Identity Integration Server 2003 is set up and configured on the second server in the lab environment.

To install Microsoft Identity Integration Server 2003

  1. Create an account on the local machine that will be used to run Microsoft Identity Integration Server.

    This account is known as the Identity Integration Server 2003 Service account and should have administrator privileges on the local server. You will need the name of the account, the password and the name of the local machine to configure Microsoft Identity Integration Server 2003 during setup. The account you create in this step will have full control over the file structure that Microsoft Identity Integration Server 2003 setup creates, the registry keys that control how the service runs, and the component interface that is used to execute server functions by using Distributed Component Object Model (DCOM).

  2. Run the Microsoft Identity Integration Server 2003 installation media you received and accept all default settings during setup.

  3. Copy the scenario files from the directory \Scenarios\ClassicMetadirectory on the installation media to the Microsoft Identity Integration Server 2003 server and paste them into the directory:

    C:\Scenarios\ClassicMetadirectory

HR Database Setup

The same server used to host Microsoft Identity Integration Server 2003 for this scenario will host the HR database system using a SQL Server 2000 database named MIIS_Scenario_CM. The employee data in this database is stored in a database table named EmployeeData. This scenario uses the SQL Server 2000 default instance that is running on the Microsoft Identity Integration Server 2003 server to get access to this database; although in most deployments, you will likely connect to a different server for your databases.

A command file is provided with this scenario to load the HR data to a database on the local SQL Server 2000 server.

To create the HR database

  1. From the command prompt, type:

    C:\Scenarios\ClassicMetadirectory\InitHRMA.cmd

    This will create the MIIS_Scenario_CM database and the EmployeeData table, and then load data about the Fabrikam employees into that table.

Data Files

When a management agent is deleted, Microsoft Identity Integration Server 2003 does one of the following two modifications with the working folder of the management agent:

  • Delete the folder — The folder will be deleted if a drop file (data file) is not in the folder.

  • Rename the folder — If a drop file is in the folder, the folder will be renamed rather than deleted. This is to protect your data from being deleted by Microsoft Identity Integration Server 2003.

After setting up the management agents for the Classic Metadirectory scenario, the working directory for the Fabrikam Telephone management agent is renamed.
