Account Management 3.0
 
Platform Services Quick Start Guide for Windows
    Prerequisites
  1. ADSI Version 2.5 for WinNT 4.0 and Windows Script Host 5.6 for WinNT 4.0 must be installed before the Domain scripts will execute correctly on Windows NT (Windows 2000 ships with these). These self-extracting files can be downloaded from Microsoft's MSDN web site.
  2. Microsoft patch Q299444 causes scripts to fail with error 800004005, which is an "Unspecified error". We are currently researching this problem and have notified Microsoft. For the scripts to run, you will have to uninstall this patch. For updates, always check support.novell.com.


    To install Platform Services for Windows
  3. If you do not have an appropriately configured Platform Set object, use the Account Management Web Interface to create a Platform Set object and associate the appropriate users and groups with it via the search object configuration page. Also make sure that the search object for the platform is covered by a Census search object.
    Generally, platform sets are determined by sets of users and groups. Multiple types of platforms can reside in a single platform set, and users and groups can reside in multiple platform sets.
    Whenever you modify a search object for the census or platform sets, you should start a trawl to populate the platforms.
  4. Initially you can set permit password replication to off in the platform object through the web interface, for testing with a small number of users.
  5. Use the Account Management Web Interface to create a Platform Object in an appropriate Platform Set.
    Make sure you set all the IP addresses for the Platform in the web interface so that mutually authenticated SSL will function properly.
  6. Log in as Administrator to the workstation or server where you are installing Platform Services.
  7. Retrieve the Platform Services Setup program, pssetup.exe, from here or from the Distribution Directory in the Web Interface.
  8. Run pssetup and follow the instructions as prompted.
    Reboot to make sure the path is modified correctly for the services.
  9. Go to the ASAM Platform Receiver Service configuration under the Services control panel: right-click the service, select Properties, enter -f in the start parameters, and start the service.
  10. The service will stop automatically when the full sync is complete. At this time you can check the Application Log in the Event Viewer; if there are no Platform Services errors or warnings, the Platform Services Receiver is operating correctly.
  11. Set the service to run automatically if you wish.
    If you wish to run any account management service while no user is logged in, you must update the "Log On" tab for the service appropriately.
  12. The users should be provisioned to the platform without a password.


    Testing Password Replication for the Platform
  13. If you installed the Platform Services Process, make sure the service is running in the Services Control Panel.
    If you wish to run any account management service while no user is logged in, you must update the "Log On" tab for the service appropriately.
  14. Verify that ascauth.dll is in the c:\winnt\system32 directory. (With certain options selected during the install, this file may not be copied.)
  15. In the Account Management Web Interface, edit the platform object associated with the platform and turn Password Replication on.
  16. Change the password of one of the users provisioned to Windows using normal Windows tools for the AD, Domain, or Workgroup.
  17. Wait a bit.
  18. Verify the password was communicated to the Account Management Agent by viewing the audit log for the agent(s) configured in the setup program. The log should state that the password was successfully changed for that user.
    The errors for Secret Store may also appear in the Operational Log.
  19. If you get a Secret Store error writing the "secret", see Troubleshooting Secret Store.


    Installing and Configuring Novell Client Password Intercept
  20. Retrieve the Novell Client Password Intercept, am300_client32_intercept.exe, from here or from the Distribution in the Web Interface.
    Make sure you use the correct agent port.
    If you receive an error that the asamplat.conf file already exists, you can generally ignore it, because a previous install has configured this file. To verify this, you may want to look in c:\winnt\asamplat.conf and verify that all the agent configurations are correct.
  21. Reboot to let the in-use files be copied correctly.
  22. Change a password for a user provisioned to the platform via ConsoleOne or a similar utility.
  23. Wait a bit.
  24. Verify the password was communicated to the Account Management Agent by viewing the audit log for the agent(s) configured in the setup program. The log should state that the password was successfully changed for that user.
    The errors for Secret Store may also appear in the Operational Log.
  25. If you get a Secret Store error writing the "secret", see Troubleshooting Secret Store.
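
    The file and service checks from steps 13 and 14 and the asamplat.conf note can be scripted with Windows Script Host. The script below is an added example, not part of the original guide or the product. It assumes WMI is available (it ships with Windows 2000; on NT 4.0 it is a separate install) and that the service display names begin with "ASAM Platform", as the receiver's does in step 9.

```vbscript
' Added example (not product code): post-install checks for Platform Services.
Option Explicit

Const DLL_PATH   = "c:\winnt\system32\ascauth.dll"  ' path from step 14
Const CONF_PATH  = "c:\winnt\asamplat.conf"         ' path from the client intercept note
Const SVC_PREFIX = "ASAM Platform"                  ' assumption: display-name prefix

Dim fso, wmi, svc, failures, found, running
failures = 0
found = False

' Print one check result and count failures for the exit code.
Sub Report(ok, msg)
    If ok Then
        WScript.Echo "[ OK ] " & msg
    Else
        WScript.Echo "[FAIL] " & msg
        failures = failures + 1
    End If
End Sub

Set fso = CreateObject("Scripting.FileSystemObject")
Report fso.FileExists(DLL_PATH), DLL_PATH & " is present"
Report fso.FileExists(CONF_PATH), CONF_PATH & " is present"

' Enumerate services and filter in script: WQL LIKE is not available
' on Windows 2000, so the prefix match is done with InStr.
Set wmi = GetObject("winmgmts:\\.\root\cimv2")
For Each svc In wmi.ExecQuery("SELECT * FROM Win32_Service")
    If InStr(1, svc.DisplayName, SVC_PREFIX, vbTextCompare) = 1 Then
        found = True
        running = (svc.State = "Running")
        Report running, svc.DisplayName & " state is " & svc.State
        ' StartName is the account on the service's "Log On" tab;
        ' StartMode shows whether it starts without a user logged in.
        WScript.Echo "       start mode: " & svc.StartMode & _
                     ", logs on as: " & svc.StartName
    End If
Next
Report found, "at least one service named """ & SVC_PREFIX & "..."" is installed"

WScript.Quit failures
```

    Run it with cscript //nologo from a command prompt on the platform; the exit code is the number of failed checks.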

    Installing and Configuring NetWare Server Password Intercept
  26. If you wish to capture password changes made through NDK applications running on the server, you need to install the NetWare password intercept (in a future release of eDirectory this intercept will also capture LDAP password changes). To accomplish this, retrieve AMPM.nlm and netnlm32.nlm and copy them to the sys:system folder on the server.
  27. Restart the server (AMPM.nlm is autoloaded by netnlm32.nlm).
  28. To verify that AMPM.nlm is loaded correctly, issue the command "modules ampm*" at the server prompt.
    In a future NetWare service pack, netnlm32.nlm will be updated to call AMPM.nlm. To test this, you can install the service pack, restart the server, and verify whether AMPM is loaded. If it is loaded, then netnlm32 has this support built in; if it is not, you will need to copy over the one in the NetWare service pack with the one in this distribution.