Setting up Directory Services integration for ESI applications

ESI can store connection settings locally or persist connection settings in a central location by integrating with Microsoft Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS).

The Microsoft Active Directory Services use the Lightweight Directory Access Protocol (LDAP) for both AD DS and AD LDS.

You can use AD DS or AD LDS for all supported applications and systems, such as ESI, MMC, ESI Service, ESI Exchange HA Extension, Exchange, and SQL Server.

 

Prerequisite

To use AD DS or AD LDS with ESI, confirm that Windows Server (2012 R2, 2012, or 2008 R2) Active Directory is installed. For AD LDS, also confirm that an AD LDS instance is installed on the Windows Server. Microsoft TechNet provides instructions on how to install and set up AD DS and AD LDS.

 

Setting up

To set up AD DS:

  1. Confirm Active Directory is installed on your Windows Server.

  2. Confirm you selected Active Directory in the Publish Connection Information window during the ESI installation.

  3. Use an AD client to log in to the domain controller with domain administrator credentials.

  4. Perform the steps in the "Configuring for ESI applications" procedure.

 

To set up AD LDS:

  1. Confirm Active Directory and the AD LDS instance are installed on your Windows Server.

  2. During the AD LDS installation, set up the following application directory partition for ESI: DC=EMC, DC=Storage, DC=Integrator, DC=COM.

  3. Confirm you selected AD LDS in the Publish Connection Information window during the ESI installation.

  4. Confirm the AD LDS instance schema has definitions for msDS-App-Configuration and msDS-Settings.

     If it does not, extend the AD LDS schema to add them by generating an LDIF file with ADSchemaAnalyzer.exe. Refer to Microsoft TechNet for instructions.

  5. Perform the steps in the next procedure to configure AD LDS for ESI applications.

 

Configuring for ESI applications

To configure AD DS and AD LDS for ESI, MMC, and PowerShell connections:

  1. Use ADSI Edit (adsiedit.msc) to connect to Active Directory on the domain controller and create a container for this ESI store: CN=ESI Object Connection Store.

     For example, for mydomain.corp.com, create the CN=ESI Object Connection Store,DC=mydomain,DC=corp,DC=com Distinguished Name.

  2. Create a container in the ESI store container with the domain user name for each user.

     For example, for User 1, you would create a CN=User1 Distinguished Name.

  3. Grant full control permissions to the users that own the ESI AD store.

 

To configure AD DS and AD LDS for ESI Service connections:

  1. Use ADSI Edit to create an ESI Service container in the ESI AD store. Use the name of the computer that is running ESI Service (CN=ESIService1). This new container enables ESI Service to store persistence settings in the ESI AD store.

  2. ESI Service runs as a network service. If ESI Service is running on a remote computer, grant full control permissions to the computer account.

     If the directory service and ESI Service are running on the same computer, grant full control permissions to the network service account.

 

To configure AD DS and AD LDS for ESI Exchange HA Extension connections:

  1. Use ADSI Edit to create a container in the ESI AD store with the name of the Exchange Server's Database Availability Group Name.

  2. The HA Extension runs as the Exchange Monitoring Service account, so grant full control permissions to that account for the new DAG container.
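
To review the result of the three configuration procedures above, the following PowerShell script lists every Allow entry that carries full control on the ESI store container and the containers beneath it in AD DS. It is an added example, not part of the ESI documentation; it assumes the ActiveDirectory module is available, uses the page's example domain, and the function name and the list of broad principals flagged for review are assumptions.

```powershell
# Added example (not ESI code): list full-control grants on the ESI AD store (AD DS).
# Assumes the ActiveDirectory module (RSAT) and the page's example domain.
Import-Module ActiveDirectory

$storeDn = 'CN=ESI Object Connection Store,DC=mydomain,DC=corp,DC=com'
$full    = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll

# Assumption: principals considered too broad to hold full control on a settings store.
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'

# Hypothetical helper name; returns one object per full-control Allow entry.
function Get-EsiStoreFullControl {
    param([Parameter(Mandatory = $true)][string]$StoreDn)

    # The store container plus each container created under it
    # (per-user, ESI Service computer name, DAG name).
    $containers = Get-ADObject -SearchBase $StoreDn -SearchScope Subtree `
                               -LDAPFilter '(objectClass=container)'

    foreach ($c in $containers) {
        $acl = Get-Acl -Path ("AD:\" + $c.DistinguishedName)
        foreach ($ace in $acl.Access) {
            $rights = [int]$ace.ActiveDirectoryRights
            # GenericAll is the right shown as "Full control" in ADSI Edit.
            if ($ace.AccessControlType -eq 'Allow' -and ($rights -band $full) -eq $full) {
                $id = $ace.IdentityReference.Value
                New-Object PSObject -Property @{
                    Container = $c.DistinguishedName
                    Identity  = $id
                    Inherited = $ace.IsInherited
                    Review    = ($broad -contains $id) -or ($id -like '*\Domain Users')
                }
            }
        }
    }
}

Get-EsiStoreFullControl -StoreDn $storeDn |
    Sort-Object Container, Identity |
    Format-Table Container, Identity, Inherited, Review -AutoSize
```

Compare the non-inherited rows against the accounts named in the procedures: the owning user for each user container, the computer or network service account for the ESI Service container, and the Exchange Monitoring Service account for the DAG container.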

 
