Extending the Schema in the Microsoft® Windows® 2000 Server Resource Kit, available at http://msdn.microsoft.com

Installing Active Directory in the Microsoft® Windows® 2000 Server Resource Kit

Microsoft® Knowledge Base Articles

216999 Installing the remote server administration tools in Windows® 2000

314978 Using the Adminpak.msi to install a server administration tool in Windows® 2000

247078 Enabling SSL communication over LDAP for Windows® 2000 domain controllers

321051 Enabling LDAP over SSL with a third-party certificate authority

Directory services preparation for Active Directory

To set up directory services for use with RILOE II management processors:

1.Install Active Directory. For more information, refer to Installing Active Directory in the Microsoft® Windows® 2000 Server Resource Kit.

2.Install the Microsoft® Admin Pack (the ADMINPAK.MSI file, which is located in the i386 subdirectory of the Windows® 2000 Server or Advance Server CD). For more information, refer to the Microsoft® Knowledge Base Article 216999.

3.In Windows® 2000, the safety interlock that prevents accidental writes to the schema must be temporarily disabled. The schema extender utility can do this if the remote registry service is running and the user has sufficient rights. This can also be done by setting

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesParameters\Schema Update Allowed in the registry to a non-zero value (refer to the "Order of Processing When Extending the Schema" section of Installation of Schema Extensions in the Windows® 2000 Server Resource Kit) or by the following steps. This step is not necessary if you are using Windows® Server 2003.

IMPORTANT: Incorrectly editing the registry can severely damage your system. HP recommends creating a back up of any valued data on the computer before making changes to the registry.

a.Start MMC.

b.Install the Active Directory Schema snap-in in MMC.

c.Right-clickActive Directory Schema and select Operations Master.

d.Select The Schema may be modified on this Domain Controller.

e.Click OK.

The Active Directory Schema folder might need to be expanded for the checkbox to be available.

4.Create a certificate or install Certificate Services. This step is necessary to create a certificate or install Certificate Services because RILOE II communicates with Active Directory using SSL. Active Directory must be installed before installing Certificate Services.

5.To specify that a certificate be issued to the server running active directory:

a.Launch Microsoft® Management Console on the server and add the default domain policy snap- in (Group Policy, then browse to Default domain policy object).

b.Click Computer Configuration>Windows Settings>Security Settings>Public Key

Policies.

c.Right-clickAutomatic Certificate Requests Settings, and select new>automatic certificate request.

d.Using the wizard, select the domain controller template, and the certificate authority you want to use.

Directory services 84

Page 84
Image 84
HP 232664-006 manual Directory services preparation for Active Directory