Red Hat Directory Server 8.0 Administrator's Guide

Directory Server certificate, accessible by the sync services
2.2. Step 2: Configure the Active Directory Domain
The Active Directory domain has to be properly configured for synchronization to work.
1. Set up the Windows domain. On Windows 2000, use the dcpromo tool. On Windows 2003,
install the domain controller for Active Directory by clicking Add or Remove Programs and
then Add/Remove Windows Components.
NOTE
For more detailed information, see the appropriate Windows documentation.
2. Make sure that the Active Directory password complexity policy is enabled; the Password
Sync service will not run unless it is.
Run secpol.msc, and select Security Settings, then Account Policies, and Password
Policy. Make sure that Password must meet complexity requirements is selected.
3. Set up SSL on the Active Directory server.
a. Install a certificate authority in the Windows Components section in Add/Remove
Programs.
b. Select the Enterprise Root CA option.
c. Reboot the Active Directory server. If IIS web services are running, the CA certificate can
be accessed by opening http://servername/certsrv.
d. Set up the Active Directory server to use the SSL server cert.
i. Create a certificate request .inf file, using the fully-qualified domain name of the Active
Directory server as the certificate subject.
ii. Request the certificate by running the following command on the Active Directory
machine:
certreq -new request.inf request.req
iii. Submit the request to the Active Directory CA. For example:
certreq -submit request.req certnew.cer
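The following script is an added example, not part of the Red Hat guide, that carries steps 2 and 3d through on the Active Directory server and then checks the result. It assumes the server's FQDN is dc1.example.com, the Enterprise Root CA is reachable through the config string "dc1.example.com\Example-CA", and the CA's built-in WebServer template is used for the request; change those three values to match the domain. The final check opens a TLS connection to port 636 and confirms that LDAPS presents the certificate whose subject is the server's FQDN, which is what Directory Server will verify when the sync connection is made over SSL.

```powershell
# Added example, not from the Red Hat Directory Server guide.
# Assumed values (edit for your domain):
$Fqdn     = "dc1.example.com"              # FQDN of the Active Directory server
$CaConfig = "dc1.example.com\Example-CA"   # "<CA host>\<CA name>" of the Enterprise Root CA
$Template = "WebServer"                    # CA template that grants Server Authentication
$Work     = "C:\certreq"
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# Step 2 check: export the local security policy and confirm complexity is enforced,
# since the Password Sync service will not run without it.
secedit /export /cfg "$Work\secpol.cfg" | Out-Null
$complexity = Select-String -Path "$Work\secpol.cfg" -Pattern '^PasswordComplexity\s*=\s*(\d)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value }
if ($complexity -ne '1') {
    throw "'Password must meet complexity requirements' is not enabled (PasswordComplexity=$complexity)"
}

# Step 3d.i: request .inf with the FQDN as subject and as a DNS SAN, Server Authentication
# EKU, and a non-exportable key held in the machine store so the DC's private key
# cannot be copied off the host.
@"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$Fqdn"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$Fqdn&"

[RequestAttributes]
CertificateTemplate = $Template
"@ | Set-Content -Path "$Work\request.inf" -Encoding ASCII

# Steps 3d.ii and 3d.iii: build the request, submit it to the CA, install the issued cert
# into the machine store. With an Enterprise CA the -config switch names the CA explicitly.
certreq -new    "$Work\request.inf" "$Work\request.req"
certreq -submit -config $CaConfig "$Work\request.req" "$Work\certnew.cer"
certreq -accept "$Work\certnew.cer"

# Check: once the server has been restarted, LDAPS on port 636 should present the new
# certificate. The validation callback returns $true only so the presented certificate can
# be read; it is not how a real client should validate the server.
$tcp = New-Object System.Net.Sockets.TcpClient($Fqdn, 636)
$ssl = New-Object System.Net.Security.SslStream(
    $tcp.GetStream(), $false,
    [System.Net.Security.RemoteCertificateValidationCallback]{ $true })
$ssl.AuthenticateAsClient($Fqdn)
$served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
"LDAPS presents: $($served.Subject); issuer: $($served.Issuer); expires: $($served.NotAfter)"
if ($served.Subject -ne "CN=$Fqdn") {
    throw "LDAPS is not presenting the certificate issued for $Fqdn"
}
$ssl.Dispose(); $tcp.Dispose()
```

If certreq -submit reports that the request is pending, the CA is not set to issue automatically for that template; approve it in the Certification Authority console and fetch it with certreq -retrieve before running -accept. The final check should also be repeated from the Directory Server host, since that is the machine that will be verifying the certificate during synchronization.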