Prerequisites

Software

The following software is required to perform these procedures:

  • ADSIEdit.msc, the Microsoft AD management console that is shipped with AD LDS. You can run this from the Start menu or from the command line.

Information

You will need the following information:

  • A user account authorized to make AD schema changes (shown as AD-admin and AD-password below).
  • The user account, in the domain controlled by your AD server, to which you will be granting ES administrative authority.

    To simplify the process, we recommend that this account have a name that is no longer than eight characters, uses only ASCII characters, and contains no spaces, and that the account's "Common name" (the name that appears in the list of users on the domain controller, in the Active Directory Users and Computers console) be the same as its "Logon name" (shown in the Account tab of the user's Properties in Users and Computers). You may also run into problems if this account exists both on the domain and on the local computer with the same name but different passwords.

    This account is shown as ES-admin and ES-password below.

  • The location of the AD server (shown as servername below).
  • The DN of the AD domain (shown as domain-DN below). Normally, this is the fully-qualified domain name of the AD host, minus the hostname, with each segment of the name listed as a separate DC element. For example, server.dept.mydom.com would use:

    DC=dept,DC=mydom,DC=com
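
The PowerShell checks below are an added example, not part of the product or its documentation: they derive domain-DN from the AD host's fully-qualified name and test a candidate ES-admin account name against the recommendations above. The function names and sample values are hypothetical.

```powershell
# Added example: pre-flight checks for the values gathered in this section.
# ConvertTo-DomainDN and Test-EsAdminAccountName are hypothetical helper names.

function ConvertTo-DomainDN {
    param([Parameter(Mandatory)][string]$ServerFqdn)
    # Drop a trailing root dot, then split the name into DNS labels.
    $labels = $ServerFqdn.TrimEnd('.').Split('.')
    if ($labels.Count -lt 2 -or $labels -contains '') {
        throw "'$ServerFqdn' is not a fully-qualified host name."
    }
    # Skip the hostname; every remaining label becomes one DC element.
    ($labels | Select-Object -Skip 1 | ForEach-Object { "DC=$_" }) -join ','
}

function Test-EsAdminAccountName {
    param(
        [Parameter(Mandatory)][string]$LogonName,
        [Parameter(Mandatory)][string]$CommonName
    )
    $warnings = @()
    if ($LogonName.Length -gt 8)          { $warnings += 'Logon name is longer than eight characters.' }
    if ($LogonName -match '[^\x00-\x7F]') { $warnings += 'Logon name contains non-ASCII characters.' }
    if ($LogonName.Contains(' '))         { $warnings += 'Logon name contains spaces.' }
    # -ne compares case-insensitively, which matches how AD treats these names.
    if ($LogonName -ne $CommonName)       { $warnings += 'Common name differs from logon name.' }
    # A local account with the same name can cause problems if its password differs.
    # Get-LocalUser is only present on Windows, so test for it first.
    if (Get-Command Get-LocalUser -ErrorAction SilentlyContinue) {
        if (Get-LocalUser -Name $LogonName -ErrorAction SilentlyContinue) {
            $warnings += 'A local account with the same name exists on this computer.'
        }
    }
    $warnings   # an empty result means no warnings
}

# Constructed sample values, not taken from a real environment.
ConvertTo-DomainDN -ServerFqdn 'server.dept.mydom.com'
Test-EsAdminAccountName -LogonName 'esadmin' -CommonName 'ES Administrator'
```

Run the account check on the computer where Enterprise Server is installed, since the local-account test only inspects the machine it runs on.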

Preparation

This procedure assumes that you have already:

  • Configured your Active Directory schema and repository for ES LDAP-based security.
  • Installed an Enterprise Server product on at least one system.