You will need a suitable user object class defined in your Active Directory schema. This can be any class that can be used to define Windows security principals. For this example, we will use the user class defined by Microsoft (in the LDIF file MS-user.ldf, included with Active Directory).
You will also need to have populated your Active Directory repository with some users. You may have already defined your Windows domain users in Active Directory, or you may want to define just a few users for a trial implementation.
You will need to have updated the Active Directory schema with the Micro Focus object class definitions for user groups and resource access rules, and created the containers for those objects. Generally, you will also want to have installed the user group and resource access definitions included with the default ES/MSS security configuration, which you can edit later to suit your requirements. Usually all of this is done by installing the default security configuration included with ES/MSS, which is contained in es_default_ldap.ldf and installed using the es-ldap-setup.cmd script. This script is provided as a sample, and may need to be modified for your installation, particularly if you are using the full Active Directory (rather than AD LDS) as your LDAP server for Enterprise Server.
The default configuration includes a number of built-in user accounts (CICSUSER, SYSAD, etc.). If you want to use the default configuration, you will need to add these users to Active Directory in a separate operation, as described below in the "Active Directory" section.