5.5 Meeting the Installation Requirements

Before you start the process of installation, ensure you have met the following prerequisites. These steps can be used to validate the state of the system before beginning the installation process.

5.5.1 Installation Prerequisites For a Non-Name-Mapped Setup

Domain Name and Name Server Configuration is Correct

Before installing DSfW, ensure the domain name is entered correctly in YaST. To verify and correct the domain name, do the following:

  1. Open YaST > Network Configurations. Select the Hostname and Name Server option.

  2. Verify that the domain name is correct.

  3. Select the Write Hostnames to /etc/hosts option to ensure that the changes you have made are added to the /etc/hosts file.

  4. Verify that Name Server 1 points to a DSfW domain controller that is also acting as the DNS server. By default, the first domain controller of the first domain always hosts the DNS server. However, for the first domain controller of the first domain, Name Server 1 must be the IP address of the local server. For details, see DNS Server is Installed.

    IMPORTANT: In case of installation of a child domain, make sure you specify the name of the parent domain in the Domain Search field for resolving hostnames.

  5. Click OK to save the changes.

DNS Server is Installed

Ensure that the Novell DNS service is installed and that the server is up and running to answer name resolution queries.

For a first domain installation, the /etc/resolv.conf file must have an entry for the local DNS server. For a child domain installation, the /etc/resolv.conf file must have an entry for the parent DNS server.

Time is Synchronized

Ensure time is synchronized between all servers in the replica ring by executing the following command:

ndscheck -a <bind dn> -w <password>

In addition to displaying partition and replica health, this command displays the time difference between servers in the replica ring. If you observe a time difference between the servers, ensure that all the servers in the replica ring are referencing the same NTP server. After this is done, restart the NTP server by using the rcntp restart command.

Server State in the Replica Ring

Verify that the state of the servers in the replica ring is On by executing the following command:

ndsstat -r

The ndsstat utility displays information related to eDirectory servers, such as the eDirectory tree name, the fully distinguished server name, and the eDirectory version.

5.5.2 Installation Prerequisites for a Name-Mapped Setup

In case of a name-mapped installation, you are installing DSfW in an existing tree. To ensure the installation does not encounter errors, make sure you meet the following prerequisites:

Domain Name and Name Server Configuration is Correct

Before installing DSfW, ensure the domain name is entered correctly in YaST. To verify and correct the domain name, do the following:

  1. Open YaST > Network Configurations. Select the Hostname and Name Server option.

  2. Verify that the domain name is correct.

  3. Select the Write Hostnames to /etc/hosts option to ensure that the changes you have made are added to the /etc/hosts file.

  4. Verify that Name Server 1 points to a DSfW domain controller that is also acting as the DNS server. By default, the first domain controller of the first domain always hosts the DNS server. However, for the first domain controller of the first domain, Name Server 1 must be the IP address of the local server. For details, see DNS Server is Installed.

    IMPORTANT: In case of installation of a child domain, make sure you specify the name of the parent domain in the Domain Search field for resolving hostnames.

  5. Click OK to save the changes.

eDirectory Version

Before installing DSfW, ensure that the eDirectory version is 8.8 SP2 or later. The servers holding the writable replica of the tree root partition must also run eDirectory 8.8 SP2 or later.

Container is Partitioned

The container in which you are installing DSfW must be partitioned.

DNS Server is Installed

Ensure that the Novell DNS service is installed and that the server is up and running to answer name resolution queries.

For a first domain installation, the /etc/resolv.conf file must have an entry for the local DNS server. For a child domain installation, the /etc/resolv.conf file must have an entry for the parent DNS server.
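
The /etc/resolv.conf requirement in the DNS Server is Installed paragraphs of 5.5.1 and 5.5.2, together with the Domain Search note for child domains, can be checked from the shell before the installer runs. The following is an added example, not part of the product documentation; the function name check_resolv, the sample addresses and the domain names are constructed, and it assumes that YaST's Name Server 1 is written as the first nameserver line.

```shell
#!/bin/bash
# check_resolv MODE DNS_IP PARENT_DOMAIN [FILE]   (hypothetical helper)
#   MODE=first : DNS_IP is this server's own address (first DC of first domain)
#   MODE=child : DNS_IP is the parent domain's DNS server, and PARENT_DOMAIN
#                must be in the search list (the YaST "Domain Search" field)
# Returns 0 if the file matches, 1 if not, 2 on usage or read errors.
check_resolv() {
    _mode=$1 _want=$2 _parent=$3 _file=${4:-/etc/resolv.conf}
    case $_mode in
        first|child) ;;
        *) echo "usage: check_resolv first|child IP PARENT [FILE]" >&2; return 2 ;;
    esac
    [ -r "$_file" ] || { echo "cannot read $_file" >&2; return 2; }

    # Assumption: YaST "Name Server 1" is the first nameserver line.
    _ns1=$(awk '$1 == "nameserver" { print $2; exit }' "$_file")
    # The last search/domain line wins, as in the resolver itself.
    _search=$(awk '$1 == "search" || $1 == "domain" { $1 = ""; s = $0 }
                   END { print tolower(s) }' "$_file")
    _rc=0
    if [ "$_ns1" != "$_want" ]; then
        echo "FAIL: first nameserver is '${_ns1:-none}', expected $_want"
        _rc=1
    fi
    if [ "$_mode" = child ]; then
        _found=0
        _p=$(printf '%s' "$_parent" | tr 'A-Z' 'a-z')
        for _d in $_search; do
            if [ "$_d" = "$_p" ]; then _found=1; fi
        done
        if [ "$_found" -eq 0 ]; then
            echo "FAIL: parent domain $_parent not in search list"
            _rc=1
        fi
    fi
    [ "$_rc" -eq 0 ] && echo "OK: $_file meets the $_mode-domain requirements"
    return "$_rc"
}

# Constructed sample for a child-domain server (documentation address range).
sample=$(mktemp)
printf 'search child.example.com example.com\nnameserver 192.0.2.10\n' > "$sample"
check_resolv child 192.0.2.10 example.com "$sample"
rm -f "$sample"
```

On a real server, omit the file argument so that /etc/resolv.conf is read, and pass the local IP address (first domain) or the parent DNS server's address (child domain).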

Time is Synchronized

Ensure time is synchronized between all servers in the replica ring by executing the following command:

ndscheck -a <bind dn> -w <password>

In addition to displaying partition and replica health, this command displays the time difference between servers in the replica ring. If you observe a time difference between the servers, ensure that all the servers in the replica ring are referencing the same NTP server. After this is done, restart the NTP server by using the rcntp restart command.

Schema is Synchronized

Ensure the schema is synchronized on all the servers in the replica ring by executing the following command on all the servers:

ldapsearch -b cn=schema -s base -x attributetypes=<schema attribute>

Replace <schema attribute> with an attribute you have used in the schema.

For example: ldapsearch -b cn=schema -s base -x attributetypes=xad-domain-flag

Server State in the Replica Ring

Verify that the state of the servers in the replica ring is On by executing the following command:

ndsstat -r

The ndsstat utility displays information related to eDirectory servers, such as the eDirectory tree name, the fully distinguished server name, and the eDirectory version.

Permissions for Objects

When you are installing in a name-mapped setup, ensure that you have adequate permissions for the following objects in the tree:

  • Container that is being provisioned

  • Permissions for DNS Locator and Group objects

  • Permissions to the Security container

  • Modify permissions to the NCP servers holding replica of the master server

Container Names

When you install DSfW, it creates a few default containers. Make sure that the following container names do not already exist under the domain partition:

  • cn=Computers

  • cn=Users

  • ou=Domain Controllers

  • cn=DefaultMigrationContainer

  • cn=Deleted Objects

  • cn=ForeignSecurityPrincipals

  • cn=Infrastructure

  • cn=LostAndFound

  • cn=NTDS Quotas

  • cn=Program Data

  • cn=System

  • cn=Container
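
One way to check the container-name prerequisite above is to list the objects directly under the domain partition and compare them with the reserved names. The following is an added example, not part of the product documentation; the function name find_container_conflicts, the dc=example,dc=com partition and the sample LDIF are constructed.

```shell
#!/bin/bash
# Default containers DSfW creates (list taken from the section above).
RESERVED_CONTAINERS="cn=Computers;cn=Users;ou=Domain Controllers;\
cn=DefaultMigrationContainer;cn=Deleted Objects;cn=ForeignSecurityPrincipals;\
cn=Infrastructure;cn=LostAndFound;cn=NTDS Quotas;cn=Program Data;cn=System;\
cn=Container"

# find_container_conflicts DOMAIN_DN < ldif   (hypothetical helper)
# Reads LDIF "dn:" lines on stdin, prints each reserved name that already
# exists directly under DOMAIN_DN, and returns 1 if any were found.
# Folded or base64-encoded ("dn::") entries are not handled.
find_container_conflicts() {
    awk -v base="$1" -v list="$RESERVED_CONTAINERS" '
    # Compare DNs case-insensitively and ignore spaces after commas.
    function norm(s) { s = tolower(s); gsub(/,[ ]+/, ",", s); return s }
    BEGIN {
        n = split(list, r, ";")
        for (i = 1; i <= n; i++) reserved[norm(r[i] "," base)] = r[i]
    }
    /^dn: / {
        dn = norm(substr($0, 5))
        if (dn in reserved) { print reserved[dn]; hits++ }
    }
    END { exit (hits > 0) }'
}

# Constructed sample; on a live server feed it from something like:
#   ldapsearch -x -LLL -b "$DOMAIN_DN" -s one "(objectClass=*)" 1.1
SAMPLE_LDIF='dn: cn=Users,dc=example,dc=com

dn: ou=Sales,dc=example,dc=com

dn: OU=Domain Controllers, DC=example,DC=com

dn: cn=System,ou=Sales,dc=example,dc=com'

printf '%s\n' "$SAMPLE_LDIF" | find_container_conflicts "dc=example,dc=com" \
    || echo "rename or remove the containers listed above before installing"
```

Only direct children of the domain partition are reported, so cn=System under ou=Sales in the sample is not flagged.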