LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Server Administrator's Guide

Adding Additional Domain Controllers
Your Active Directory contains configuration profiles downloaded by each client system and
name service data accessed by each client system. As your environment grows, you may need
to add additional domain controllers to your environment. Follow these steps:
1. Use the dcpromo.exe tool to install and configure a new Active Directory domain controller.
For more information, refer to the respective literature on Active Directory or check
Microsoft's library at http://msdn.microsoft.com/library/default.asp
2. Install the Server for NIS to view and edit the POSIX attributes of your user objects.
Alternatively, the ADSI edit snap-in can be used to modify POSIX attributes. This only needs
to be done if POSIX attributes are being maintained on this domain controller.
3. Create a new profile that specifies the new domain controller. The new profile can be identical
to another profile, except the preferredServerList attribute specifies a new domain
controller. Refer to “Creating a New Profile” (page 124).
Refer to “LDAP-UX Client Services Object Classes” (page 141) for a description of the
preferredServerList attribute.
4. On all clients that are to use the new controller, edit the start-up file,
/etc/opt/ldapux/ldapux_client.conf, to refer to the new domain controller and
the new profile. Modify the PROFILE_ENTRY_DN line as described under “Changing Which
Profile a Client is Using” (page 125). Modify the LDAP_HOSTPORT line to specify the domain
controller server.
5. Download the new profile from the new domain controller as described in “Downloading
the Profile Periodically” (page 55).

Adding Users, Groups, and Hosts
Select one of the following methods to add data to ADS.
You can create user, group, and other service objects by using the object classes and attributes
specified by RFC 2307. In this case, you must import an LDIF file with all RFC 2307
object classes and attributes specified.
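
A pre-import check for such an LDIF file, as an added example that is not part of this guide or of LDAP-UX. It verifies the attributes RFC 2307 marks as mandatory for posixAccount, posixGroup and ipHost, and also flags uidNumber 0 and reused uidNumber values. Those two policy checks, the function names and the sample data are assumptions made for illustration.

```python
from collections import defaultdict
REQUIRED = {  # MUST attributes of each RFC 2307 class, lower-cased
    "posixaccount": {"cn", "uid", "uidnumber", "gidnumber", "homedirectory"},
    "posixgroup": {"cn", "gidnumber"},
    "iphost": {"cn", "iphostnumber"},
}

def parse_ldif(text):
    """One {attribute: [values]} dict per record; base64 ('::') values are not decoded."""
    entries = []
    for record in text.replace("\n ", "").split("\n\n"):  # unfold, then split records
        entry = defaultdict(list)
        for line in record.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry[attr.strip().lower()].append(value.strip())
        if "dn" in entry:
            entries.append(dict(entry))
    return entries

def lint(entries):  # returns a list of (dn, problem) tuples
    findings, seen = [], {}
    for e in entries:
        dn = e["dn"][0]
        for oc in sorted(REQUIRED.keys() & {c.lower() for c in e.get("objectclass", [])}):
            for attr in sorted(REQUIRED[oc] - set(e)):
                findings.append((dn, f"{oc} missing {attr}"))
        for num in e.get("uidnumber", []):
            if not num.isdigit() or int(num) == 0:  # assumed policy: never import UID 0
                findings.append((dn, f"uidNumber {num!r} is 0 or not numeric"))
            elif seen.setdefault(num, dn) != dn:    # shared UID = shared file access
                findings.append((dn, f"uidNumber {num} already used by {seen[num]}"))
    return findings

# Constructed sample input, not taken from the guide.
SAMPLE = """\
dn: CN=alice,CN=Users,DC=example,DC=com
objectClass: posixAccount
cn: alice
uid: alice
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/alice

dn: CN=bob,CN=Users,DC=example,DC=com
objectClass: posixAccount
cn: bob
uidNumber: 1001
gidNumber: 100
"""
```

Running lint(parse_ldif(SAMPLE)) reports the second entry three times: it lacks homeDirectory and uid, and its uidNumber is already assigned to the first entry.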
Alternatively, you can add users, groups, and hosts using the Windows 2000 or 2003 Active
Directory Users and Computers administrative tool. If using Active Directory Users and
Computers, perform the following to set POSIX attributes:
1. Start Active Directory Users and Computers.
2. Click the users (or computers) whose POSIX attributes you want to set.
3. Select Properties from the Action menu.
4. Click the Unix Attributes tab.
5. In the NIS Domain box, select a NIS domain from the list. Server for NIS creates a
default NIS domain based on your Active Directory domain name.
6. For users, fill in the UID, Login Shell, Home Directory, and Primary group name/GID
fields. Click OK.
For hosts, fill in the IP Address and the Alias Name. Click OK.
Add networks, protocols, services, rpc objects, or set POSIX attribute memberUID for groups
using the ADSI edit snap-in tool. These object classes and attributes cannot be populated
from the Active Directory Users and Computers tool.
1. On your domain controller, click Start, then Run. In the Open dialog box, enter mmc,
then click OK.
2. Click the Microsoft Management Console menu, then select Add/Remove Snap-In.
3. In the Add/Remove Snap-In dialog box, click Add.
4. In the Add Standalone Snap-In dialog box, select ADSI Edit, then click Add and then
Close.