Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email supportadmin@quest.com for assistance

Directory Sync Pro for Active Directory 20.11.1 - Requirements and Installation Guide

Section 1. Introduction Section 2. Directory Sync Pro Prerequisites Section 3. Directory Sync Pro for Active Directory Advanced Network Requirements Section 4. Migrator Pro for Active Directory Prerequisites Section 5. Requirements for Both Directory Sync Pro for Active Directory and Migrator Pro for Active Directory Section 6. Installing Directory Sync Pro for Active Directory and Migrator Pro for Active Directory Section 7. Upgrading Directory Sync Pro for Active Directory and Migrator Pro for Active Directory Section 8. Modifying, Repairing and Uninstalling Directory Sync Pro for Active Directory and Migrator Pro for Active Directory Section 9. Migrator Pro for Active Directory Agent Installation Section 10. Troubleshooting Appendix A: Configuring Directory Sync Pro for Active Directory in a Non-English Active Directory Environment Appendix B. Installing and Configuring SQL Server Reporting Services Appendix C. STIG Environments Appendix D. Deployment in FIPS Environment

2.4 General Requirements

  • All components of Directory Sync Pro are fully functional on physical as well as virtual machines. When setting up Proof of Concept or Pilot environments, the use of virtual machines as a means of lowering the expense of such projects is fully supported and recommended. However, when it comes to production environments, sufficient information to determine whether virtual environments have the same stability and performance characteristics as physical machines has not yet been gathered. Because a majority of production environments have been and are deployed on physical machines, potential customers are advised of these facts, but defers to them to make the final decision. Product support will be provided in both physical and virtual environments. However, if either stability or performance issues are found in a virtual environment, switching to a physical one as a means of issue correction may be recommended.

  • Binary Tree Servers must be connected via a LAN (10MB or higher) connection. A high-speed WAN (5MB or higher) connection may be acceptable, but is not recommended. Where possible, it is recommended to have these servers, as well as Exchange on the same physical network.

2.5 Exchange Access Requirements

To deploy Directory Sync Pro on the Binary Tree Windows Server, an AD account with Server Administration rights must be able to log on to the server interactively. The account must be able to run programs with Administration-level access on the target Exchange Server and specifically be able to open the Exchange Management Shell (PowerShell).

The following setup for the service account is recommended:

Active Directory

  • Minimum membership of Domain Users (least privilege) built-in security group

  • Read & List Contents rights to "Deleted Objects" container. You may follow these steps if your account is not a Domain Administrator or equivalent (see KB892806):

    Using a domain admin account, open a command prompt and confirm the successful execution of the following commands:

    dsacls "CN=Deleted Objects,DC=domain,DC=com" /takeownership

    dsacls "CN=Deleted Objects,DC=domain,DC=com" /g Domain\ServiceAccount:LCRP

  • Full Control rights to destination OU in Active Directory

Exchange

  • Administrative rights to Exchange

SQL Server

  • Create a new login in the SQL Server Management Studio. In Server Roles, grant public and sysadmin rights (you may remove these rights after the database has been created). In User Mapping, select the Dirsync database and grant public and database owner rights.

Binary Tree Windows Server

  • Member of local Built-In Administrators group

2.6 Post Sync PowerShell Script Requirements

The following requirements must be met if using the Post Sync PowerShell Script option:

  • PowerShell 4

  • The credentials specified on the AD Target tab must have rights to run PowerShell.

  • The following must be enabled on the DC defined on the AD Target tab:

    • Remote PowerShell commands (Unrestricted methods must be enabled if required)

    • Windows Remote Management (WinRM)

    • Active Directory Web Services

Section 3. Directory Sync Pro for Active Directory Advanced Network Requirements

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating