
Directory Sync Pro for Active Directory 20.11.4 - Installation Guide


Directory Sync Pro Prerequisites

Supported Environments

The following is a list of supported and unsupported environments. If implementing directory synchronization between two Active Directory environments, you will need a Quest Windows Server and an SQL Server database server.

Environment: Binary Tree Windows Server

  Supported: Windows Server 2016, Windows Server 2019, Windows Server 2022, or Windows Server 2025; US English Operating System

  Not Supported: All other versions of Windows Server

Environment: SQL Server Database

  Supported: SQL Server can be a new or existing database server in the customer’s environment. The following SQL Server versions (English versions) are supported:

  • SQL Server 2012 SP2
  • SQL Server 2012 SP2 Express with Advanced Services
  • SQL Server 2014
  • SQL Server 2014 Express with Advanced Services
  • SQL Server 2016
  • SQL Server 2016 Express with Advanced Services
  • SQL Server 2017
  • SQL Server 2017 Express with Advanced Services
  • SQL Server 2019
  • SQL Server 2019 Express with Advanced Services
  • SQL Server 2022
  • SQL Server 2022 Express with Advanced Services

  Not Supported:

  • SQL Server 2008 R2 or previous
  • SQL Server Reporting Services 2016 or higher is not supported at this time

Environment: Domain

  Supported: The following Windows Server versions are supported:

  • Windows Server 2012
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server 2025

NTLM Authentication is required for the product to function. NTLM Authentication options are typically controlled via Group Policy. These three settings should be verified:

  • Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
  • Network security: Restrict NTLM: Incoming NTLM traffic
    • Microsoft outlines this setting here: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic
    • The registry key for this setting is located at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
    • The RestrictReceivingNTLMTraffic key, with a DWORD value, will be present. If the key is missing, then this setting is not being leveraged. If the key is set to 2, the “deny all” option has been set to restrict all incoming NTLM traffic. If the key is set to 1, the “audit all” option has been set, which will only log when incoming NTLM traffic is detected. If the key is set to 0, then “allow all” is configured and there are no restrictions on receiving NTLM traffic in place.
  • Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
    This allows for exclusions from the two policies above for a computer.
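
The check described above can be scripted. The following is an added example, not part of the vendor guide: it reads the MSV1_0 key named above and reports the three settings. RestrictReceivingNTLMTraffic comes from the guide; the value names RestrictSendingNTLMTraffic and ClientAllowedNTLMServers are supplied here for the other two policies, and the function names are hypothetical.

```powershell
# Added example, not from the vendor guide. Run on the server being checked.
$MsvKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-MsvValue {
    param([string]$Name)
    # Returns $null when the value is absent, i.e. the policy is not configured.
    $props = Get-ItemProperty -Path $MsvKey -ErrorAction SilentlyContinue
    if ($null -eq $props -or $props.PSObject.Properties.Name -notcontains $Name) {
        return $null
    }
    return $props.$Name
}

function Get-NtlmMeaning {
    param($Value)
    # Only the states relevant to the prerequisite are interpreted here.
    if ($null -eq $Value) { return 'not configured (value missing)' }
    if ($Value -eq 0)     { return 'allow all' }
    if ($Value -eq 2)     { return 'deny all' }
    return "value $Value, compare with the Microsoft policy documentation"
}

function Get-NtlmRestrictionReport {
    # Value names other than RestrictReceivingNTLMTraffic are not from the guide.
    foreach ($name in 'RestrictReceivingNTLMTraffic', 'RestrictSendingNTLMTraffic') {
        $value = Get-MsvValue -Name $name
        [pscustomobject]@{
            Setting     = $name
            Value       = $value
            Meaning     = Get-NtlmMeaning -Value $value
            NeedsReview = ($value -eq 2)   # deny all conflicts with the NTLM requirement
        }
    }
    # Remote server exceptions are stored as a multi-string list.
    $exceptions = @(Get-MsvValue -Name 'ClientAllowedNTLMServers' | Where-Object { $_ })
    [pscustomobject]@{
        Setting     = 'ClientAllowedNTLMServers'
        Value       = $exceptions -join ', '
        Meaning     = "$($exceptions.Count) remote server exception(s)"
        NeedsReview = $false
    }
}

Get-NtlmRestrictionReport | Format-Table -AutoSize -Wrap
```

A row with NeedsReview set to True means NTLM is denied in that direction on the machine where the script ran; the exception list row shows which remote servers are already exempted.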

Quest Windows Server Requirements

  • .NET 4.8 or greater. The installer will install .NET 4.8 if the target machine does not already have it. All system patches, service packs, and security updates should be applied to your operating system to ensure compatibility with .NET 4.8.
  • IPv4 Only
  • The user running the Directory Sync service (full name BinaryTree.DirSync.Exchange.exe) must have the following rights:
    1. Administrator rights to SQL Server with sysadmin role (during installation).
    2. Local administrative rights to the Quest Windows server (during installation).
  • Exchange cannot be installed on an Exchange Server.
  • The Quest Windows Server must be a dedicated server for the Quest solutions.
  • The Quest Windows Server can be a workgroup (non-domain joined) server. Note: to use Migrator Pro's Role Based Access Control functionality, the product must be installed and configured on a domain-joined server.

SQL Server Database Requirements

  • The IP address and either the default SQL port (1433) or an alternate port must be open to all Quest servers.
  • The ability to create and modify tables in the Dirsync database on the SQL Server database server.
  • It is strongly recommended that the SQL Server database server is dedicated to SQL Server. This server can host other SQL databases, but should serve no other purpose than being a SQL Server database server.
  • SQL Server must be configured using Mixed Mode authentication.
  • Using the default system administrator SQL Server login account is not recommended. A Directory Sync SQL Server login account should be created. This account must have sysadmin and database owner rights to create the Dirsync database. The sysadmin right can be removed from this account once the install is complete.
  • If using a Remote Named Instance of SQL Server:

The incoming firewall rules on the machine that hosts the SQL Server instance must be modified.

Using the SQL default of dynamic ports for named instances:

  1. Create an inbound firewall “Program” rule whose program path is the named SQL database engine (ex: %ProgramFiles%\Microsoft SQL Server\MSSQL14.<INSTANCE-NAME>\MSSQL\Binn\sqlservr.exe)
  2. Create an inbound firewall “Port” rule for UDP port 1434.
  3. The “SQL Server Browser” must be running.
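
The three steps above, as an added PowerShell example that is not part of the vendor guide. It resolves sqlservr.exe from the instance's Windows service rather than hard-coding the MSSQL14 folder, and limits both rules to the Quest servers. $InstanceName, $QuestServers and the rule display names are placeholders chosen here.

```powershell
# Added example, not from the vendor guide. Run elevated on the SQL Server host.
$InstanceName = '<INSTANCE-NAME>'        # placeholder: the named instance
$QuestServers = @('<QUEST-SERVER-IP>')   # placeholder: addresses allowed to connect

if ("$InstanceName $QuestServers" -match '<') {
    throw 'Replace the <...> placeholders before running.'
}

# A named instance runs as the service MSSQL$<INSTANCE-NAME>; its PathName looks like
# "C:\Program Files\Microsoft SQL Server\MSSQL14.X\MSSQL\Binn\sqlservr.exe" -sX
$svc = Get-CimInstance Win32_Service -Filter "Name='MSSQL`$$InstanceName'"
if (-not $svc) { throw "Service for instance $InstanceName not found." }
if ($svc.PathName -notmatch '^"([^"]+)"') { throw 'Could not parse the service path.' }
$exe = $Matches[1]

function Add-RuleIfMissing {
    param([string]$DisplayName, [hashtable]$RuleArgs)
    # Avoid creating duplicate rules when the script is run again.
    if (Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue) {
        Write-Output "Rule already present: $DisplayName"
        return
    }
    New-NetFirewallRule -DisplayName $DisplayName -Direction Inbound -Action Allow `
        -RemoteAddress $QuestServers @RuleArgs | Out-Null
    Write-Output "Rule created: $DisplayName"
}

# Step 1: "Program" rule for the database engine (covers the dynamic TCP port).
Add-RuleIfMissing -DisplayName "SQL $InstanceName engine (Quest)" -RuleArgs @{ Program = $exe }

# Step 2: "Port" rule for UDP 1434, used by SQL Server Browser.
Add-RuleIfMissing -DisplayName 'SQL Browser UDP 1434 (Quest)' `
    -RuleArgs @{ Protocol = 'UDP'; LocalPort = 1434 }

# Step 3: SQL Server Browser must be running.
Set-Service -Name SQLBrowser -StartupType Automatic
Start-Service -Name SQLBrowser
Get-Service -Name SQLBrowser | Select-Object Name, Status, StartType
```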

Alternatively, you can set up a fixed port for the SQL instance following these instructions.
