**Active Directory Management (IDSYNC) Agent Deployment Guide**
- System Requirements.
- Hardware Requirements.
- SQL Connection.
- AD Mgmt Agent.
- License Key.
- Control Panel.
- Metadata Sync.
NOTE: Installation must be scheduled with MegaPath Cloud Implementations so that it is installed correctly and in its entirety. Please review the System Requirements and Hardware Requirements, as these must be completed before installation can occur.
The Active Directory Management (AD Mgmt) server must have access to the following web service URLs:
- http://licensing.identitysyncronizer.com – for license key verification
- https://22.214.171.124:443/rpc2.ashx – the gateway service URL
AD Mgmt is typically installed on a single machine and requires connectivity to all of the domain controllers in your domain, and to a Microsoft SQL database server. If Microsoft SQL is not available at the location, AD Mgmt can also connect to Microsoft SQL Express.
Information needed prior to AD Mgmt installation:
- Domain Administrator Credentials
- SQL Database Credentials (you will need to create these if you are installing SQL Express)
- Domain Controller details and access information
AD Mgmt Installation Requirements:
- Service Machine:
  - Windows Server 2003, 2008 (all versions), or 2012
  - 32-bit or 64-bit supported
  - .NET Framework 4.0 (or above) *
- Microsoft SQL Server:
  - Can use an existing Microsoft SQL Server, or SQL Express
- Security Requirements:
  - Domain Administrator access privileges
  - Domain Controller access
  - SQL service account for AD Mgmt: the account that AD Mgmt will use to connect to the database
    - This is a SQL authentication account, not Windows authentication
- Password Requirements:
  - The minimum length for a password is seven (7) characters when it is made up of different character types (uppercase and lowercase letters, numerics, special characters).
  - If the password is word-based, or it contains fewer than three different character types, the minimum length is 12.
  - The minimum length for a word-based password with only two character classes is 24.
  - The password must contain enough different characters; the required number depends on the password class (more for a word-based password or one with few different character types).
  - Word-based passwords cannot contain any four-letter portion of the user’s first or last name, the company name, or the domain name.
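The password rules above can be checked before the SQL service account is created. The following is an added example, not part of this guide or of the AD Mgmt product; the Test-AdMgmtPassword function, its word list, the distinct-character thresholds and the sample passwords are all constructed assumptions.

```powershell
# Added example, not part of the guide: checks a candidate password against the
# requirements listed above. "Word-based" is detected with a small constructed word
# list, and the distinct-character thresholds are assumptions (the guide gives no numbers).
function Test-AdMgmtPassword {
    param(
        [Parameter(Mandatory)][string]$Password,
        [string[]]$ProtectedNames = @(),   # user's first/last name, company name, domain name
        [string[]]$WordList = @('password', 'welcome', 'summer', 'admin', 'secret')  # constructed
    )
    $problems = New-Object System.Collections.Generic.List[string]
    # Character classes present: uppercase, lowercase, numeric, special (case-sensitive match).
    $classes = @('[A-Z]', '[a-z]', '[0-9]', '[^A-Za-z0-9]').Where({ $Password -cmatch $_ }).Count
    # Word-based if it contains any list word (assumed definition of "word-based").
    $wordBased = [bool]($WordList.Where({ $Password -imatch [regex]::Escape($_) }).Count)

    # Minimum length as stated in the guide: 7 / 12 / 24 by password class.
    if ($wordBased -and $classes -le 2)    { $minLen = 24 }
    elseif ($wordBased -or $classes -lt 3) { $minLen = 12 }
    else                                   { $minLen = 7 }
    if ($Password.Length -lt $minLen) {
        $problems.Add("length $($Password.Length) is below the minimum of $minLen for this class")
    }

    # "Enough different characters": a higher bar for the weaker classes (assumed numbers).
    $set = New-Object 'System.Collections.Generic.HashSet[char]'
    foreach ($c in $Password.ToCharArray()) { [void]$set.Add($c) }
    $minDistinct = if ($wordBased -or $classes -lt 3) { 8 } else { 5 }
    if ($set.Count -lt $minDistinct) {
        $problems.Add("only $($set.Count) distinct characters, at least $minDistinct expected")
    }

    # Word-based passwords may not contain any four-letter run of a protected value.
    if ($wordBased) {
        foreach ($name in $ProtectedNames) {
            for ($i = 0; $i -le $name.Length - 4; $i++) {
                $frag = $name.Substring($i, 4)
                if ($Password -imatch [regex]::Escape($frag)) {
                    $problems.Add("contains '$frag' from protected value '$name'"); break
                }
            }
        }
    }
    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Classes = $classes; WordBased = $wordBased
                       MinimumLength = $minLen; Problems = $problems }
}

# Constructed inputs: the first (12 chars, four classes, no dictionary word) passes;
# the second is word-based and contains 'Cont' from the company name, so it is rejected.
Test-AdMgmtPassword -Password 'Xq7#mP2!vL9z'
Test-AdMgmtPassword -Password 'Welcome2Contoso' -ProtectedNames 'Contoso', 'contoso.local'
```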
Domain controllers will need to be restarted to complete the installation.
Hardware Requirements:
- 2 GHz processor
- 2 GB RAM
Supported Operating Systems (both 32 and 64 bit):
- Windows Server 2003
- Windows Server 2003 R2
- Windows Server 2008
- Windows Server 2008 R2
- Windows Server 2012
NOTE: It is important to point out that the configuration on your primary domain controller must be fully deployed in order to ensure that the AD Mgmt service functions properly.
- Run the AD Mgmt installer executable on the machine that will host the AD Mgmt service.
- Click [Next] on the Installer Welcome screen.
- Click [Install] on the Ready to Install the Program screen.
- Click [Finish] on the Wizard Completed screen.
- When the installation is complete, open the AD Mgmt Studio from the Start menu.
- From the AD Mgmt Studio, you will be able to configure AD Mgmt.
SQL Connection
- Enter the necessary SQL server information in the SQL connection dialog.
NOTE: AD Mgmt uses a SQL server user name and password, so mixed mode authentication will need to be enabled. AD Mgmt also communicates with SQL server via TCP/IP and named pipes, so these protocols will need to be enabled.
The database specified in the Database Name field will be automatically created by AD Mgmt, so the SQL user specified in this configuration screen will need to have permissions to create databases on the SQL server.
- Once the SQL connection data has been entered, click the ellipsis (…) button to test the connection.
- If the connection is successful, click the [OK] button to continue configuration.
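A pre-flight check of the SQL prerequisites just described (SQL authentication with mixed mode enabled, TCP/IP or named pipes reachable, and a login able to create the database), run from the AD Mgmt host before opening the Studio. This is an added example, not part of the guide or of the product; the Test-AdMgmtSqlPrereqs function, the instance name and the login name are assumptions.

```powershell
# Added example, not from the guide: pre-flight check of the SQL prerequisites the
# guide lists, run from the AD Mgmt host before opening the Studio.
# Instance name and credentials are assumptions; pass the SQL-auth login AD Mgmt will use.
function Test-AdMgmtSqlPrereqs {
    param(
        [Parameter(Mandatory)][string]$ServerInstance,      # e.g. 'SQL01\SQLEXPRESS' (assumed)
        [Parameter(Mandatory)][string]$SqlUser,             # SQL authentication, not Windows
        [Parameter(Mandatory)][securestring]$SqlPassword
    )
    $SqlPassword.MakeReadOnly()
    $cred = New-Object System.Data.SqlClient.SqlCredential($SqlUser, $SqlPassword)
    # Encrypt=True needs a server certificate this host trusts; keep it unless the
    # SQL link runs on an isolated segment.
    $conn = New-Object System.Data.SqlClient.SqlConnection("Server=$ServerInstance;Encrypt=True", $cred)
    try {
        $conn.Open()   # throws here if mixed mode is off or TCP/named pipes are disabled
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = @"
SELECT CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) AS WindowsOnly,
       HAS_PERMS_BY_NAME(NULL, NULL, 'CREATE ANY DATABASE')      AS CanCreateDb,
       CONNECTIONPROPERTY('net_transport')                       AS Transport
"@
        $r = $cmd.ExecuteReader()
        [void]$r.Read()
        [pscustomobject]@{
            MixedModeEnabled  = ($r['WindowsOnly'] -eq 0)   # guide: mixed mode must be enabled
            CanCreateDatabase = ($r['CanCreateDb'] -eq 1)   # guide: login must be able to create the DB
            Transport         = [string]$r['Transport']     # 'TCP' or 'Named pipe'
        }
    } finally {
        $conn.Dispose()
    }
}

# If CanCreateDatabase is false, grant only what the guide needs rather than sysadmin
# (run as a SQL administrator; the login name is an assumption):
#   CREATE LOGIN admgmt_svc WITH PASSWORD = '<strong password>', CHECK_POLICY = ON;
#   GRANT CREATE ANY DATABASE TO admgmt_svc;

Test-AdMgmtSqlPrereqs -ServerInstance 'SQL01\SQLEXPRESS' -SqlUser 'admgmt_svc' `
    -SqlPassword (Read-Host -AsSecureString 'SQL password')
```

The login that creates the AD Mgmt database becomes its owner, so CREATE ANY DATABASE is sufficient and a sysadmin role is not needed.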
AD Mgmt Agent
AD Mgmt requires an agent service to be installed on each domain controller to capture password changes.
- In the AD Mgmt Studio, click the Agent tab; this will list each domain controller in the domain and allow the installation of the agent software without having to remotely connect to each machine.
- To install the agent on a domain controller, select the appropriate server by clicking the row, and then click the [Install] button.
You will be asked for domain administrator credentials.
- Enter these credentials and click [OK].
There will be a message in the studio stating that the installation is in process – once the installation is complete, this message will disappear.
- Repeat this process for each domain controller.
NOTE: Each domain controller MUST be restarted after the agent has been installed for the agent to collect passwords. Restarting does not need to occur immediately; it can wait until your standard maintenance window.
Troubleshooting the Installation
If issues arise during installation on the domain controllers, please see the Troubleshooting Guide for instructions regarding setup.
If any machines in your domain that are not domain controllers have Active Directory Users and Computers (ADUC) installed, components can be installed on those machines so that they show the AD Mgmt tabs in ADUC.
- To install these components, click the MMC tab in the AD Mgmt Studio. This will show a list of all of the machines in the domain.
- To install the MMC components, select the appropriate server by clicking the row, and then click the [Install] button. This will display a dialog requesting a domain administrator user name and password.
- Enter these credentials and click [OK].
- To install the AD Mgmt service, click the Service tab in the AD Mgmt studio. Click the [Install Service] button.
- This will install and start the service.
The service state is reflected by the indicator above the [Start Service] and [Stop Service] buttons.
If the service is running, it will be green; if it is stopped, it will be red.
The service can be started or stopped using the [Start Service] and [Stop Service] buttons.
License Key
- Enter the License Code and Company Name provided to you.
- Click the ellipsis (…) button to verify that your key is valid.
A separate key is needed for each installation.
Control Panel
- To configure the AD Mgmt connector, click the [Parallels] tab in the AD Mgmt Studio.
- Enter the Webservice URL.
- Enter the AD Admin User and Password.
- This account is a domain admin account within your local Active Directory.
- Enter the valid Gateway User and Password that have been provided to you.
- Click the [Authenticate] button.
The Account Number, Subscription ID, and Gateway Secret will automatically populate upon validation.
NOTE: The Account Number and Subscription ID fields are read-only, so they cannot be updated by the user. For a request to get through the gateway, its gateway user, gateway password, and account number must match what the gateway holds; if these values are changed in the database to something other than what the gateway has, the request will be discarded.
The Defaults checkboxes are defaults for a new mailbox – if a user in AD Mgmt does not already have a mailbox provisioned when they open the Exchange Properties dialog, these options will be checked.
The Login ID section will attempt to set the login ID as each of the options listed (in order) and move to the next if one fails. It is recommended to use Primary Email first.
Metadata Sync
This tab displays all of the fields that AD Mgmt is able to synchronize between Active Directory and the Control Panel.
- To enable a field for synchronization, check the box next to its name.
- To save any changes made in the Management Studio configuration, click [Apply].