Task 1: Install Password Synchronization on a Domain Controller
Applies To: Windows Server 2003 R2
This topic contains the following sections:
Verify that your computer is a domain controller
Promote your computer to a domain controller
Install Password Synchronization
Continue with Password Synchronization Setup
Verify that your computer is a domain controller
If you are uncertain whether the computer on which you want to install Password Synchronization is a domain controller, click Start, click Administrative Tools, and then click Manage Your Server. The Manage Your Server window lists the roles installed on the computer under the text Your server has been configured with the following roles, and specifies whether a computer is a domain controller.
Domain controllers also include tools installed with Administrative Tools that are not available on other computers, such as Active Directory Domains and Trusts, Active Directory Sites and Services, and Active Directory Users and Computers.
If the computer is not a domain controller, follow the procedure Promote your computer to a domain controller. Otherwise, proceed to Install Password Synchronization.
Promote your computer to a domain controller
If the computer on which you want to install Password Synchronization is not a domain controller, perform the steps in this section. Otherwise, proceed to Install Password Synchronization.
Important
Because promoting your computer to a domain controller requires domain administrator access, and can remove the computer from your network, read Domain controllers and all related topics, in the Active Directory Help before promoting your computer to a domain controller.
Click Start, click Run, type dcpromo in the text box, and then click OK.
The Active Directory Installation Wizard opens.
Click Next.
On the Operating System Compatibility page, read the information and then click Next.
If this is the first time you have installed Active Directory on a server running Windows Server 2003, click Compatibility Help for more information.
On the Domain Controller Type page, click to select one of two options:
Additional domain controller for an existing domain
This option requires that you are a member of the Domain Administrators group for the target domain, or the Enterprise Administrators group in Active Directory.
Domain controller for a new domain
Click Next.
If you chose Additional domain controller for an existing domain, follow the procedure Create an additional domain controller in the Windows Server 2003 Help, starting with Step 4.
If you chose Domain controller for a new domain, go on to the next step in this section.
On the Create New Domain page, choose one of the following options:
Child domain in an existing domain tree
You must be a member of the Enterprise Administrators group to continue with this installation.
Domain tree in an existing forest
You must be a member of the Enterprise Administrators group to continue with this installation.
Domain in a new forest
Creating a new forest requires some advance planning. Before creating a new forest, decide on a practical Domain Name System (DNS) name for this computer, as well as a NetBIOS name. For more information, see Namespace planning for DNS in Windows Server 2003 Help.
Click Next.
Complete setup using the Windows Server 2003 Help procedure for the domain option you selected in Step 6 of this section.
If you selected Child domain in an existing domain tree, follow the steps from Step 5 in Create a new child domain.
If you selected Domain tree in an existing forest, follow the steps from Step 5 in Create a new domain tree.
If you selected Domain in a new forest, follow the steps from Step 5 in Create a new forest.
When you have completed the Active Directory Installation Wizard and successfully configured your domain controller, proceed to Install Password Synchronization.
Install Password Synchronization
You can install Password Synchronization using either the Windows interface, or by using command-line tools.
To install Password Synchronization by using the Windows interface
To install Password Synchronization by using command-line tools
To install Password Synchronization by using the Windows interface
Before installing Password Synchronization, have your Windows Server 2003 R2 product CD available, or have available the network path to your Windows Server 2003 R2 installation files. The Password Synchronization installation process may prompt you to locate required files that are stored on the product CD.
Click Start, click Control Panel, and then click Add or Remove Programs.
Click Add/Remove Windows Components.
When the Windows Components Wizard opens, click to fill the Active Directory Services check box.
With Active Directory Services highlighted, click Details.
When the Active Directory Services dialog box opens, click to fill the Identity Management for UNIX check box.
With Identity Management for UNIX highlighted, click Details.
When the Identity Management for UNIX dialog box opens, click to fill the Password Synchronization check box.
Because Administration Components are required for Password Synchronization operation, this item is automatically selected for installation when you select Password Synchronization.
Click OK.
The Windows Components Wizard begins installing the Identity Management for UNIX components you selected.
If you are prompted to locate files required for Password Synchronization installation, insert the Windows Server 2003 R2 product CD, or browse to the network location of your Windows Server 2003 R2 installation files.
When installation completes, restart your computer to begin working with Password Synchronization.
To install Password Synchronization by using command-line tools
You can use an answer file to run the Identity Management for UNIX Installation Wizard without your having to be present for interactive responses. Create the answer file, and then run it at a command prompt on the installation computer.
Have your Windows Server 2003 R2 product CD available for this command-line installation.
Perform the following steps to install Password Synchronization by using a command-line environment:
Create an unattended answer file in %windir% with the following contents.
Note
The unattended answer file is a plain text file that Windows Server operating systems use to respond to prompts about your installation preferences. For more information about unattended installations, see Unattended Installation Fundamentals in the "Windows Server 2003 Deployment Guide."
[Components]
Psync=on
Idmumgmt=on
At a command prompt, type the following, and press Enter.
synocmgr /i:%windir%\inf\sysoc.inf /u:<answerfile.txt> /q
Continue with Password Synchronization Setup
To continue setting up Password Synchronization, go on to Task 2: Install the Password Synchronization Daemon on UNIX-based Computers.