Preparing for an ADC Install of Domain Services for Windows.
This document (7009927) is provided subject to the disclaimer at the end of this document.
Environment
Domain Services for Windows
DSfW
Situation
Resolution
For OES2-SP2 or OES2-SP3 DSfW use SLES10-SP3.
For OES11 use SLES11-SP1.
eDirectory must not be installed on the server before DSfW is installed.
/etc/hosts should list the server's domain name (FQDN) as well as the loopback address. If a 127.0.0.2 entry also exists, comment it out along with the IPv6 line (the one starting with ::1), or follow TID 7010075.
Example of an /etc/hosts file for a server named server2 in the domain dsfwdomain.com:
127.0.0.1 localhost
192.168.0.6 server2.dsfwdomain.com server2
/etc/resolv.conf should list the IP address of the PDC DSfW server as the first nameserver. If DNS is also to be configured on the ADC server, the second nameserver should be the ADC server's own IP address.
example:
nameserver 192.168.0.5
nameserver 192.168.0.6
nameserver 4.2.2.2
search dsfwdomain.com
If DNS is not running on the PDC, the install will fail. The DNS server has to be authoritative and primary for the zone.
Verify that the time and time zone are correct.
Perform an eDirectory health check as listed in TID 3564075.
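The /etc/hosts and /etc/resolv.conf requirements above can be checked before starting the install. The following script is an added example and not part of the TID; the function names, the constructed sample files it writes, and the check that the search list contains the domain (taken from the TID's resolv.conf example rather than stated as a requirement) are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the TID): pre-install checks of /etc/hosts and
# /etc/resolv.conf on a prospective DSfW ADC server.
# Usage: sh adc-precheck.sh server2.dsfwdomain.com server2 192.168.0.5
# Each check prints what is wrong and returns 0 (ok) or 1 (needs fixing).

# Active lines only: the TID says to comment out 127.0.0.2 and ::1, so a
# commented line counts as absent.
active_lines() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$'
}

check_hosts() {
    hosts_file=$1; fqdn=$2; short=$3
    rc=0
    # The loopback entry must be present.
    active_lines "$hosts_file" | grep -q '^127\.0\.0\.1[[:space:]]' \
        || { echo "hosts: missing 127.0.0.1 loopback entry"; rc=1; }
    # The domain name (FQDN) and short name must appear on one active line.
    active_lines "$hosts_file" | grep -Eq '[[:space:]]'"$fqdn"'[[:space:]]+'"$short"'([[:space:]]|$)' \
        || { echo "hosts: missing '<ip> $fqdn $short' entry"; rc=1; }
    # 127.0.0.2 and the IPv6 ::1 entry must be commented out or absent.
    active_lines "$hosts_file" | grep -q '^127\.0\.0\.2[[:space:]]' \
        && { echo "hosts: 127.0.0.2 line is still active; comment it out"; rc=1; }
    active_lines "$hosts_file" | grep -q '^::1[[:space:]]' \
        && { echo "hosts: ::1 line is still active; comment it out"; rc=1; }
    return $rc
}

check_resolv() {
    resolv_file=$1; pdc_ip=$2; domain=$3
    rc=0
    # The first nameserver must be the PDC DSfW server.
    first=$(active_lines "$resolv_file" | awk '$1=="nameserver"{print $2; exit}')
    [ "$first" = "$pdc_ip" ] \
        || { echo "resolv.conf: first nameserver is '${first:-none}', expected the PDC ($pdc_ip)"; rc=1; }
    # The search list should include the DSfW domain (as in the TID's example).
    active_lines "$resolv_file" | awk -v d="$domain" \
        '$1=="search"{for(i=2;i<=NF;i++) if($i==d) found=1} END{exit !found}' \
        || { echo "resolv.conf: search list does not include $domain"; rc=1; }
    return $rc
}

# Constructed sample files (not captured from a real server) for trying the checks.
write_sample_files() {
    dir=$1
    # Matches the TID's example: loopback, the server's own entry, 127.0.0.2 and ::1 commented out.
    cat > "$dir/hosts.good" <<'EOF'
127.0.0.1 localhost
192.168.0.6 server2.dsfwdomain.com server2
#127.0.0.2 server2.dsfwdomain.com server2
#::1 localhost ipv6-localhost ipv6-loopback
EOF
    # "Before" state: the FQDN sits on 127.0.0.2 and the ::1 line is still active.
    cat > "$dir/hosts.bad" <<'EOF'
127.0.0.1 localhost
127.0.0.2 server2.dsfwdomain.com server2
::1 localhost ipv6-localhost ipv6-loopback
EOF
    cat > "$dir/resolv.good" <<'EOF'
nameserver 192.168.0.5
nameserver 192.168.0.6
nameserver 4.2.2.2
search dsfwdomain.com
EOF
    # A public resolver listed first: the PDC is not the first nameserver.
    cat > "$dir/resolv.bad" <<'EOF'
nameserver 4.2.2.2
nameserver 192.168.0.5
search dsfwdomain.com
EOF
}

# Run against the live files when invoked with FQDN, short name and PDC IP.
if [ $# -eq 3 ]; then
    check_hosts /etc/hosts "$1" "$2"; hosts_rc=$?
    check_resolv /etc/resolv.conf "$3" "${1#*.}"; resolv_rc=$?
    exit $((hosts_rc + resolv_rc))
fi
```

The domain passed to check_resolv is derived from the FQDN by stripping the host label, so the script has to be given the FQDN exactly as it appears in /etc/hosts.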
When installing DSfW, select only the DSfW pattern; the patterns it requires are selected automatically. Do not deselect any of the other patterns.
In the eDirectory configuration section, for the "IP Address of an existing eDirectory server with a replica" enter the IP address of the PDC server of the domain. This usually means the IP address of the first DSfW server. If installing an ADC for a child domain be sure to use the IP address of the PDC for the child domain.
Verify that the uniquedomainid attribute is present on all objects within the domain. This can be done using ldapsearch or with iMonitor.
Check for objects without the uniquedomainid attribute using ldapsearch on the first DSfW server.
This search lists the objects without the uniquedomainid attribute and writes the list to /tmp/uniquedomainid.txt:
LDAPCONF=/etc/opt/novell/xad/openldap/openldap.conf ldapsearch -Y EXTERNAL -LLL -Q -b "" -s sub '(!(uniquedomainid=*))' dn uniquedomainid | tee /tmp/uniquedomainid.txt
The list might include objects that are not in the domain, such as the ou=configuration container or objects in other partitions that are not part of the domain, because the search is a subtree search from the root. If the base is specified as the domain DN (dc=dsfwdomain,dc=com), the search on a DSfW server is restricted to the domain.
Some key objects to check for the uniquedomainid attribute are: krbtgt, domain controller object, and the container mapped to the domain.
ldapsearch can be used to check these individual objects.
Examples of ldapsearch commands, using the following values:
domain name = novell.com
container mapped to domain = o=novell
dsfw server = dsfw-s1
Example of an ldapsearch for the container mapped to the domain, successfully returning the uniquedomainid attribute on that container:
LDAPCONF=/etc/opt/novell/xad/openldap/openldap.conf ldapsearch -Y EXTERNAL -LLL -Q -b "o=novell" -s base dn uniquedomainid
dn: o=novell
uniquedomainid: 1049076
Example of an ldapsearch for the Domain Controller object, successfully returning the uniquedomainid attribute on that object:
LDAPCONF=/etc/opt/novell/xad/openldap/openldap.conf ldapsearch -Y EXTERNAL -LLL -Q -b "cn=dsfw-s1,ou=domain controllers,dc=novell,dc=com" -s base dn uniquedomainid
dn: cn=DSFW-s1,ou=Domain Controllers,o=novell
uniquedomainid: 1049076
Example of an ldapsearch for the krbtgt object, successfully returning the uniquedomainid attribute on that object:
LDAPCONF=/etc/opt/novell/xad/openldap/openldap.conf ldapsearch -Y EXTERNAL -LLL -Q -b "cn=krbtgt,cn=users,dc=novell,dc=com" -s base dn uniquedomainid
dn: cn=krbtgt,cn=Users,o=novell
uniquedomainid: 1049076
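The three base-scope searches above can be wrapped in a script that builds the DNs from the domain name and reports any key object whose result comes back without a uniquedomainid line. The script below is an added example and not part of the TID or of the DSfW product; the function names and the DSFW_LDAPSEARCH override (used to substitute a stand-in for ldapsearch when trying the script offline) are this example's own assumptions. The ldapsearch invocation itself is the TID's (EXTERNAL bind via the DSfW openldap.conf).

```shell
#!/bin/sh
# Added example (not from the TID): check the container mapped to the domain,
# the domain controller object and krbtgt for the uniquedomainid attribute.
# Usage: sh uniquedomainid-check.sh novell.com dsfw-s1 o=novell
#        (domain name, DSfW server name, container mapped to the domain)

DSFW_LDAPCONF=${DSFW_LDAPCONF:-/etc/opt/novell/xad/openldap/openldap.conf}

# DNS domain name to LDAP domain DN: novell.com -> dc=novell,dc=com
domain_to_dn() {
    echo "$1" | awk -F. '{ for (i = 1; i <= NF; i++) printf "%sdc=%s", (i > 1 ? "," : ""), $i; print "" }'
}

# Base-scope search of one object, returning dn and uniquedomainid as LDIF.
# DSFW_LDAPSEARCH (assumed name) lets a stand-in replace the real ldapsearch.
search_object() {
    LDAPCONF=$DSFW_LDAPCONF ${DSFW_LDAPSEARCH:-ldapsearch} -Y EXTERNAL -LLL -Q \
        -b "$1" -s base dn uniquedomainid
}

# Return 0 if the LDIF on stdin has both a dn: and a uniquedomainid: line.
ldif_has_uniquedomainid() {
    awk 'tolower($1)=="dn:"{dn=1} tolower($1)=="uniquedomainid:"{u=1} END{exit !(dn && u)}'
}

# Check the three key objects named in the TID; returns 1 if any lacks the attribute.
check_key_objects() {
    domain=$1; dc_name=$2; container=$3
    domain_dn=$(domain_to_dn "$domain")
    rc=0
    for dn in "$container" \
              "cn=$dc_name,ou=domain controllers,$domain_dn" \
              "cn=krbtgt,cn=users,$domain_dn"; do
        if search_object "$dn" | ldif_has_uniquedomainid; then
            echo "OK      $dn"
        else
            echo "MISSING $dn  (no uniquedomainid returned)"
            rc=1
        fi
    done
    return $rc
}

if [ $# -eq 3 ]; then
    check_key_objects "$1" "$2" "$3"
fi
```

Run it on the first DSfW server as root, since the EXTERNAL bind in the TID's command relies on the local DSfW openldap.conf; a MISSING line for any of the three objects means the ADC install should not proceed until the attribute is restored.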
Additional Information
Example of the same base-scope search for the container mapped to the domain, using the eDirectory ldapsearch binary with a simple bind over LDAPS (port 636) and the server's self-signed certificate file:
/opt/novell/eDirectory/bin/ldapsearch -x -LLL -h 127.0.0.1 -p 636 -D cn=admin,o=novell -w novell -E /etc/opt/novell/certs/SSCert.der -b "o=novell" -s base dn uniquedomainid
Disclaimer
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7009927
- Creation Date: 24-DEC-11
- Modified Date: 16-APR-13
- Novell Open Enterprise Server
- NetIQ eDirectory
