Chat now with support
Chat with Support

Migrator Pro for Active Directory 20.11.2 - Requirements and Installation Guide

Section 1. Introduction Section 2. Directory Sync Pro Prerequisites Section 3. Directory Sync Pro for Active Directory Advanced Network Requirements Section 4. Migrator Pro for Active Directory Prerequisites Section 5. Requirements for Both Directory Sync Pro for Active Directory and Migrator Pro for Active Directory Section 6. Installing Directory Sync Pro for Active Directory and Migrator Pro for Active Directory Section 7. Upgrading Directory Sync Pro for Active Directory and Migrator Pro for Active Directory Section 8. Modifying, Repairing and Uninstalling Directory Sync Pro for Active Directory and Migrator Pro for Active Directory Section 9. Migrator Pro for Active Directory Agent Installation Section 10. Troubleshooting Appendix A: Configuring Directory Sync Pro for Active Directory in a Non-English Active Directory Environment Appendix B. Installing and Configuring SQL Server Reporting Services Appendix C. STIG Environments Appendix D. Deployment in FIPS Environment

Section 2. Directory Sync Pro Prerequisites

2.1 Supported Environments

The following is a list of supported and unsupported environments. If implementing directory synchronization between two Active Directory environments, you will need a Quest Windows Server and an SQL Server database server.

 

Supported

Not Supported

Binary Tree Windows Server

Windows Server 2016, Windows Server 2019, or Windows Server 2022; US English Operating System

All other versions of Windows Server

SQL Server Database

SQL Server can be a new or existing database server in the customer’s environment. The following SQL Server versions (English versions) are supported:

  • SQL Server 2012 SP2

  • SQL Server 2012 SP2 Express with Advanced Services

  • SQL Server 2014

  • SQL Server 2014 Express with Advanced Services

  • SQL Server 2016

  • SQL Server 2016 Express with Advanced Services

  • SQL Server 2017

  • SQL Server 2017 Express with Advanced Services

  • SQL Server 2019

  • SQL Server 2019 Express with Advanced Services

  • SQL Server 2022

  • SQL Server 2022 Express with Advanced Services

SQL Server 2008 R2 or previous

 

Reporting using SQL Server Reporting Services 2016 or SQL Server Express Reporting Services 2016

 

Domain

The following Windows Server versions are supported:

  • Windows Server 2012

  • Windows Server 2016

  • Windows Server 2019

  • Windows Server 2022

 

NTLM Authentication is required for the product to function. NTLM Authentication options are typically controlled via Group Policy. These three settings should be verified:

  • Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers

  • Network security: Restrict NTLM: Incoming NTLM traffic

    • Microsoft Outlines this setting here: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic

    • The registry key for this setting is located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

    • The RestrictReceivingNTLMTraffic key, with a DWORD value will be present.  If the key is missing, then this setting is not being leveraged.  If the key is set to 2, the “deny all” option has been set to restrict all incoming NTLM Traffic.  If the key is set to 1, the “audit all” option has been set, which will only log when Incoming NTLM traffic is detected.  If the key is set to 0, then “allow all” is configured and there are not restrictions on receiving NTLM traffic in place.

  • Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
    This allows for exclusions from the two policies below for a computer

2.1 Supported Environments

The following is a list of supported and unsupported environments. If implementing directory synchronization between two Active Directory environments, you will need a Quest Windows Server and an SQL Server database server.

 

Supported

Not Supported

Binary Tree Windows Server

Windows Server 2016, Windows Server 2019, or Windows Server 2022; US English Operating System

All other versions of Windows Server

SQL Server Database

SQL Server can be a new or existing database server in the customer’s environment. The following SQL Server versions (English versions) are supported:

  • SQL Server 2012 SP2

  • SQL Server 2012 SP2 Express with Advanced Services

  • SQL Server 2014

  • SQL Server 2014 Express with Advanced Services

  • SQL Server 2016

  • SQL Server 2016 Express with Advanced Services

  • SQL Server 2017

  • SQL Server 2017 Express with Advanced Services

  • SQL Server 2019

  • SQL Server 2019 Express with Advanced Services

  • SQL Server 2022

  • SQL Server 2022 Express with Advanced Services

SQL Server 2008 R2 or previous

 

Reporting using SQL Server Reporting Services 2016 or SQL Server Express Reporting Services 2016

 

Domain

The following Windows Server versions are supported:

  • Windows Server 2012

  • Windows Server 2016

  • Windows Server 2019

  • Windows Server 2022

 

NTLM Authentication is required for the product to function. NTLM Authentication options are typically controlled via Group Policy. These three settings should be verified:

  • Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers

  • Network security: Restrict NTLM: Incoming NTLM traffic

    • Microsoft Outlines this setting here: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic

    • The registry key for this setting is located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

    • The RestrictReceivingNTLMTraffic key, with a DWORD value will be present.  If the key is missing, then this setting is not being leveraged.  If the key is set to 2, the “deny all” option has been set to restrict all incoming NTLM Traffic.  If the key is set to 1, the “audit all” option has been set, which will only log when Incoming NTLM traffic is detected.  If the key is set to 0, then “allow all” is configured and there are not restrictions on receiving NTLM traffic in place.

  • Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
    This allows for exclusions from the two policies below for a computer

2.2 Quest Windows Server Requirements

2.1 Supported Environments

The following is a list of supported and unsupported environments. If implementing directory synchronization between two Active Directory environments, you will need a Quest Windows Server and an SQL Server database server.

 

Supported

Not Supported

Binary Tree Windows Server

Windows Server 2016, Windows Server 2019, or Windows Server 2022; US English Operating System

All other versions of Windows Server

SQL Server Database

SQL Server can be a new or existing database server in the customer’s environment. The following SQL Server versions (English versions) are supported:

  • SQL Server 2012 SP2

  • SQL Server 2012 SP2 Express with Advanced Services

  • SQL Server 2014

  • SQL Server 2014 Express with Advanced Services

  • SQL Server 2016

  • SQL Server 2016 Express with Advanced Services

  • SQL Server 2017

  • SQL Server 2017 Express with Advanced Services

  • SQL Server 2019

  • SQL Server 2019 Express with Advanced Services

  • SQL Server 2022

  • SQL Server 2022 Express with Advanced Services

SQL Server 2008 R2 or previous

 

Reporting using SQL Server Reporting Services 2016 or SQL Server Express Reporting Services 2016

 

Domain

The following Windows Server versions are supported:

  • Windows Server 2012

  • Windows Server 2016

  • Windows Server 2019

  • Windows Server 2022

 

NTLM Authentication is required for the product to function. NTLM Authentication options are typically controlled via Group Policy. These three settings should be verified:

  • Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers

  • Network security: Restrict NTLM: Incoming NTLM traffic

    • Microsoft Outlines this setting here: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic

    • The registry key for this setting is located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

    • The RestrictReceivingNTLMTraffic key, with a DWORD value will be present.  If the key is missing, then this setting is not being leveraged.  If the key is set to 2, the “deny all” option has been set to restrict all incoming NTLM Traffic.  If the key is set to 1, the “audit all” option has been set, which will only log when Incoming NTLM traffic is detected.  If the key is set to 0, then “allow all” is configured and there are not restrictions on receiving NTLM traffic in place.

  • Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
    This allows for exclusions from the two policies below for a computer

2.3 SQL Server Database Requirements

  • The IP address and either the default SQL port (1433) or an alternate port must be open to all Quest servers.

  • The ability to create and modify tables in the Dirsync database on the SQL Server database server.

  • It is strongly recommended that the SQL Server database server is dedicated to SQL Server. This server can host other SQL databases, but should serve no other purpose than being a SQL Server database server.

  • SQL Server must be configured using Mixed Mode authentication.

  • Using the default system administrator SQL Server login account is not recommended. A Directory Sync SQL Server login account should be created. This account must have sysadmin and database owner rights to create the Dirsync database. The sysadmin right can be removed from this account once the install is complete.

  • If using a Remote Named Instance of SQL Server:

The incoming firewall rules on the machine that hosts the SQL Server instance must be modified.

Using the SQL default of dynamic ports for named instances:

  1. Create an inbound firewall “Program” rule whose program path is the named SQL database engine (ex: %ProgramFiles%\Microsoft SQL Server\MSSQL14.<INSTANCE-NAME>\MSSQL\Binn\sqlservr.exe)

  2. Create an inbound firewall “Port” rule for UDP port 1434.

  3. The “SQL Server Browser” must be running.

Alternatively, you can setup a fixed port for the SQL instance following these instructions.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating