サポートと今すぐチャット
サポートとのチャット

Directory Sync Pro for Active Directory 20.11.4 - Installation Guide

Introduction Directory Sync Pro Prerequisites Directory Sync Pro Advanced Network Requirements Migrator Pro Prerequisites Common Requirements for Directory Sync Pro and Migrator Pro Installing Directory Sync Pro and Migrator Pro Upgrading Directory Sync Pro and Migrator Pro Modifying, Repairing and Uninstalling Directory Sync Pro and Migrator Pro Migrator Pro Agent Installation Troubleshooting Appendix A: Configuring Directory Sync Pro in a Non-English Active Directory Environment Appendix B. Installing and Configuring SQL Server Reporting Services Appendix C. STIG Environments Appendix D. Deployment in FIPS Environment Appendix E. Invalid and Expired Licenses

General Requirements

  • All components of Directory Sync Pro are fully functional on physical as well as virtual machines. When setting up Proof of Concept or Pilot environments, the use of virtual machines as a means of lowering the expense of such projects is fully supported and recommended. However, when it comes to production environments, sufficient information to determine whether virtual environments have the same stability and performance characteristics as physical machines has not yet been gathered. Because a majority of production environments have been and are deployed on physical machines, potential customers are advised of these facts, but defers to them to make the final decision. Product support will be provided in both physical and virtual environments. However, if either stability or performance issues are found in a virtual environment, switching to a physical one as a means of issue correction may be recommended.
  • Quest Servers must be connected via a LAN (10MB or higher) connection. A high-speed WAN (5MB or higher) connection may be acceptable, but is not recommended. Where possible, it is recommended to have these servers, as well as Exchange on the same physical network.

Exchange Access Requirements

To deploy Directory Sync Pro on the Quest Windows Server, an AD account with Server Administration rights must be able to log on to the server interactively. The account must be able to run programs with Administration-level access on the target Exchange Server and specifically be able to open the Exchange Management Shell (PowerShell).

The following setup for the service account is recommended:

Active Directory

  • Minimum membership of Domain Users (least privilege) built-in security group
  • Read & List Contents rights to "Deleted Objects" container. You may follow these steps if your account is not a Domain Administrator or equivalent (see KB892806):
  • Using a domain admin account, open a command prompt and confirm the successful execution of the following commands:
  • dsacls "CN=Deleted Objects,DC=domain,DC=com" /takeownership
  • dsacls "CN=Deleted Objects,DC=domain,DC=com" /g Domain\ServiceAccount:LCRP
  • Full Control rights to destination OU in Active Directory

Exchange

  • Administrative rights to Exchange

SQL Server

  • Create a new login in the SQL Server Management Studio. In Server Roles, grant public and sysadmin rights (you may remove these rights after the database has been created). In User Mapping, select the Dirsync database and grant public and database owner rights.

Quest Windows Server

  • Member of local Built-In Administrators group

Post Sync PowerShell Script Requirements

The following requirements must be met if using the Post Sync PowerShell Script option:

  • PowerShell 4
  • The credentials specified on the AD Target tab must have rights to run PowerShell.
  • The following must be enabled on the DC defined on the AD Target tab:
    • Remote PowerShell commands (Unrestricted methods must be enabled if required)
    • Windows Remote Management (WinRM)
    • Active Directory Web Services

Directory Sync Pro Advanced Network Requirements

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択