All components of Directory Sync Pro are fully functional on physical as well as virtual machines. When setting up Proof of Concept or Pilot environments, the use of virtual machines as a means of lowering the expense of such projects is fully supported and recommended. However, when it comes to production environments, sufficient information to determine whether virtual environments have the same stability and performance characteristics as physical machines has not yet been gathered. Because a majority of production environments have been and are deployed on physical machines, potential customers are advised of these facts, but defers to them to make the final decision. Product support will be provided in both physical and virtual environments. However, if either stability or performance issues are found in a virtual environment, switching to a physical one as a means of issue correction may be recommended.
Quest Servers must be connected via a LAN (10MB or higher) connection. A high-speed WAN (5MB or higher) connection may be acceptable, but is not recommended. Where possible, it is recommended to have these servers, as well as Exchange on the same physical network.
To deploy Directory Sync Pro on the Quest Windows Server, an AD account with Server Administration rights must be able to log on to the server interactively. The account must be able to run programs with Administration-level access on the target Exchange Server and specifically be able to open the Exchange Management Shell (PowerShell).
The following setup for the service account is recommended:
Minimum membership of Domain Users (least privilege) built-in security group
Read & List Contents rights to "Deleted Objects" container. You may follow these steps if your account is not a Domain Administrator or equivalent (see KB892806):
Using a domain admin account, open a command prompt and confirm the successful execution of the following commands:
dsacls "CN=Deleted Objects,DC=domain,DC=com" /takeownership
dsacls "CN=Deleted Objects,DC=domain,DC=com" /g Domain\ServiceAccount:LCRP
Full Control rights to destination OU in Active Directory
Administrative rights to Exchange
Create a new login in the SQL Server Management Studio. In Server Roles, grant public and sysadmin rights (you may remove these rights after the database has been created). In User Mapping, select the Dirsync database and grant public and database owner rights.
Member of local Built-In Administrators group
The following requirements must be met if using the Post Sync PowerShell Script option:
PowerShell 4
The credentials specified on the AD Target tab must have rights to run PowerShell.
The following must be enabled on the DC defined on the AD Target tab:
Remote PowerShell commands (Unrestricted methods must be enabled if required)
Windows Remote Management (WinRM)
Active Directory Web Services
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center