This section describes how to deploy the Hosted Messaging and Collaboration Active Directory Collector.
Tasks
- Create Data Collection Service Accounts
- Assign Database Permissions to Data Collection Service Accounts
- Assign Active Directory Permissions to Data Collection Service Accounts
- Extend the Hosted Messaging and Collaboration Reporting Database
- Install the Active Directory Data Collection Tool
- Install the Operations Manager Data Collection Tool
- Install the Hosted Messaging and Collaboration Reporting Query Client
- Important Note regarding QueryClient Permissions
- Populate the SharePoint NLB Mapping Table
Create Data Collection Service Accounts
Procedure W03-DWR.14: To create Active Directory Data Collection Service Account (ADCollectorSvc)
1. On AD01, open Active Directory Users and Computers and expand your domain (fabrikam.com).
2. Create a new user account ADCollectorSvc, and set the password to never expire.
Note: The action account cannot have a blank password or a password that will expire.
Procedure W03-DWR.15: To create Operations Manager Data Collection Service Account (SCOMCollectorSvc)
1. On AD01, open Active Directory Users and Computers and expand your domain (fabrikam.com).
2. Create a new user account SCOMCollectorSvc, and set the password to never expire.
Note: The action account cannot have a blank password or a password that will expire.
Procedure W03-DWR.16: To add the SCOMCollectorSvc account to the Operations Manager Read-Only Operators group
1. Log on to OMMGR01 as OMAdmin, and then start the System Center Operations Console.
2. Expand Administration, expand Security, and then select User Roles.
3. Right-click Operations Manager Read-Only Operators, and then select Properties.
4. Add SCOMCollectorSvc to the group.
Assign Database Permissions to Data Collection Service Accounts
Procedure W03-DWR.17: To assign database permissions to Data Collection service accounts
1. On OMSQL01, open SQL Server Management Studio and expand OMSQL01.
2. Add two new login accounts according to the following table:

| Login name | Security authentication | Default database | User mapping database | Database role |
|---|---|---|---|---|
| Fabrikam\ADCollectorSVC | Windows Authentication | PWDB40 | PWDB40 | db_owner |
| Fabrikam\SCOMCollectorSVC | Windows Authentication | PWDB40 | PWDB40 | db_owner |
| | | | OperationsManager | db_datareader |
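
To confirm the result of Procedure W03-DWR.17, the following queries list the roles the two collector logins actually hold on OMSQL01. This is an added example, not part of the original procedure; it assumes the logins were created with the names in the table and matches database users to logins by SID rather than by user name.

```sql
-- Added example (not from the original page). Run in SSMS or sqlcmd on OMSQL01;
-- GO is the batch separator used by those tools.

-- Expected from the table: both logins hold db_owner in PWDB40.
USE PWDB40;
SELECT DB_NAME() AS database_name, sp.name AS login_name, r.name AS role_name
FROM sys.server_principals AS sp
JOIN sys.database_principals AS u   ON u.sid = sp.sid
JOIN sys.database_role_members AS rm ON rm.member_principal_id = u.principal_id
JOIN sys.database_principals AS r   ON r.principal_id = rm.role_principal_id
WHERE sp.name IN (N'FABRIKAM\ADCollectorSVC', N'FABRIKAM\SCOMCollectorSVC')
ORDER BY sp.name, r.name;
GO

-- Expected from the table: only SCOMCollectorSVC appears, with db_datareader.
USE OperationsManager;
SELECT DB_NAME() AS database_name, sp.name AS login_name, r.name AS role_name
FROM sys.server_principals AS sp
JOIN sys.database_principals AS u   ON u.sid = sp.sid
JOIN sys.database_role_members AS rm ON rm.member_principal_id = u.principal_id
JOIN sys.database_principals AS r   ON r.principal_id = rm.role_principal_id
WHERE sp.name IN (N'FABRIKAM\ADCollectorSVC', N'FABRIKAM\SCOMCollectorSVC')
ORDER BY sp.name, r.name;
GO

-- The table assigns no fixed server role, so any row returned here is
-- a privilege beyond what the procedure grants and should be reviewed.
USE master;
SELECT sp.name AS login_name, sr.name AS server_role
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS sp ON sp.principal_id = srm.member_principal_id
JOIN sys.server_principals AS sr ON sr.principal_id = srm.role_principal_id
WHERE sp.name IN (N'FABRIKAM\ADCollectorSVC', N'FABRIKAM\SCOMCollectorSVC');
GO
```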
Assign Active Directory Permissions to Data Collection Service Accounts
Procedure W03-DWR.18: To assign Active Directory permissions to Data Collection service accounts
1. Log on to AD01 as Fabrikam\Administrator.
2. Run Active Directory Users and Computers. Click the View menu, and then select Advanced Features.
3. Assign READ permission to the AD collector service account on the following AD objects with inheritance:
   - "OU=Domain Controllers,DC=fabrikam,DC=com"
   - "CN=Computers,DC=fabrikam,DC=com"
   - "OU=Hosting,DC=fabrikam,DC=com"
   - "CN=Deleted Objects,DC=fabrikam,DC=com" (refer to http://support.microsoft.com/kb/892806)
     - Download Active Directory Application Mode (ADAM) with SP1.
     - Extract it to a local directory by running:
       ADAMSP1_X64_English.exe /x
     - Use the domain administrator account to take ownership of the deleted objects container. Open a command prompt to the directory to which you extracted the ADAM files. Run the following command:
       dsacls "CN=Deleted Objects,DC=Fabrikam,DC=com" /takeownership
     - Grant Read access to the ADCollectorSVC using the following command:
       dsacls "CN=Deleted Objects,DC=Fabrikam,DC=com" /g FABRIKAM\ADCollectorSVC:GR
Extend the Hosted Messaging and Collaboration Reporting Database
Procedure W03-DWR.19: To extend the Hosted Messaging and Collaboration Reporting Database
1. Log on to OMSQL01 as OMAdmin.
2. From the Hosted Messaging and Collaboration installation media, open a command prompt, change directory to \Monitoring and Reporting, and then run the following command:
   msiexec /i HMCReportDB.msi /norestart /passive DBHOSTNAME=OMSQL01 DBDATABASE=PWDB40 ADHOSTING=LDAP://OU=Hosting,dc=fabrikam,dc=com
Note: This database extends the functionality of the PWDB40 database. Thus, it must be installed on the same server as that of the PWDB40 database, and the database name must be specified as PWDB40.
Install the Active Directory Data Collection Tool
Procedure W03-DWR.20: To install the Active Directory Data Collection Tool
1. Log on to OMSQL01 as OMAdmin.
2. From the Hosted Messaging and Collaboration installation media, open a command prompt, change directory to \Monitoring and Reporting, and then run the following command:
   msiexec /i ADCollector.msi /norestart /passive DBHOSTNAME=OMSQL01 DBDATABASE=PWDB40 SVCRUNAS=FABRIKAM\ADCollectorSVC SVCRUNASPWD=Password
   (where Password matches the password already assigned to the FABRIKAM\ADCollectorSVC account)
Install the Operations Manager Data Collection Tool
Procedure W03-DWR.21: To install the Operations Manager Data Collection Tool
1. Log on to OMSQL01 as OMAdmin.
2. From the Hosted Messaging and Collaboration installation media, open a command prompt, change directory to \Monitoring and Reporting, and then run the following command:
   msiexec /i ScomCollector.msi /norestart /passive DBHOSTNAME=OMSQL01 DBDATABASE=PWDB40 SVCRUNAS=FABRIKAM\ScomCollectorSVC SVCRUNASPWD=Password SCOMHOST=ommgr01.fabrikam.com
3. From the <system drive>:\program files\System Center Operations Manager 2007\SDK Binaries folder on OMMGR01, copy the following Operations Manager 2007 SDK binaries to the installation folder of the Operations Manager Data Collection Tool on OMSQL01 (<system drive>:\Program Files\Microsoft Provisioning\Monitoring and Reporting):
   - Microsoft.EnterpriseManagement.OperationsManager.Common.dll
   - Microsoft.EnterpriseManagement.OperationsManager.dll
Install the Hosted Messaging and Collaboration Reporting Query Client
Procedure W03-DWR.22: To install the Hosted Messaging and Collaboration reporting query client
1. Log on to PROV01 as FABRIKAM\Administrator.
   Note: QueryClient.msi should not be deployed on the same server as HMCReportDB.msi because they read and write registry keys/values in the same registry path.
2. From the Hosted Messaging and Collaboration installation media, open a command prompt, change directory to \Monitoring and Reporting, and run the following command:
   msiexec /i QueryClient.msi /norestart /passive DBHOST=OMSQL01 DBNAME=PWDB40
3. Verify that the Hosted Messaging and Collaboration Reporting Query Client has set the correct registry keys. On PROV01, run Regedit, and then navigate to the following key:
   HKLM\Software\Microsoft\Provisioning\Monitoring and Reporting
4. Verify the settings for Reporting Database and Reporting Database Server.
Important Note regarding QueryClient Permissions
The Hosted Messaging and Collaboration Reporting Query Client is a managed code API that customer applications can use to retrieve tenant information and availability data from the Hosted Messaging and Collaboration Reporting Database. The user or service account that calls the Query Client requires the following permissions on the Hosted Messaging and Collaboration Reporting Database (PWDB40):
- Read permission on the [ErrorLookup] table
- Execute permission on the five stored procedures listed in the following table:

| Stored Procedure | Description |
|---|---|
| spGetService | Used to enumerate services |
| spGetOrgsByServer | Used in GetOrgsByServer method in QueryClient |
| spGetUsersByServer | Used in GetUsersByServer method in QueryClient |
| spGetOrgServiceState | Used in GetOrgServiceState method in QueryClient |
| spGetUserServiceState | Used in GetUserServiceState method in QueryClient |
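
One way to grant a Query Client caller exactly the permissions listed above, and nothing more, is through a dedicated database role. This is an added example, not the product's own script; the caller login FABRIKAM\QueryClientSvc, the role name HmcQueryClientCaller and the dbo schema are assumptions.

```sql
-- Added example (not from the original page). Run in SSMS or sqlcmd on OMSQL01.
-- Assumed names: login FABRIKAM\QueryClientSvc, role HmcQueryClientCaller,
-- and all listed objects in the dbo schema.
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'FABRIKAM\QueryClientSvc')
    CREATE LOGIN [FABRIKAM\QueryClientSvc] FROM WINDOWS
        WITH DEFAULT_DATABASE = PWDB40;
GO

USE PWDB40;
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'FABRIKAM\QueryClientSvc')
    CREATE USER [FABRIKAM\QueryClientSvc] FOR LOGIN [FABRIKAM\QueryClientSvc];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'HmcQueryClientCaller' AND type = 'R')
    CREATE ROLE HmcQueryClientCaller;
GO

-- Read on the lookup table, execute on the five procedures, no table writes.
GRANT SELECT  ON OBJECT::dbo.ErrorLookup           TO HmcQueryClientCaller;
GRANT EXECUTE ON OBJECT::dbo.spGetService          TO HmcQueryClientCaller;
GRANT EXECUTE ON OBJECT::dbo.spGetOrgsByServer     TO HmcQueryClientCaller;
GRANT EXECUTE ON OBJECT::dbo.spGetUsersByServer    TO HmcQueryClientCaller;
GRANT EXECUTE ON OBJECT::dbo.spGetOrgServiceState  TO HmcQueryClientCaller;
GRANT EXECUTE ON OBJECT::dbo.spGetUserServiceState TO HmcQueryClientCaller;

EXEC sp_addrolemember N'HmcQueryClientCaller', N'FABRIKAM\QueryClientSvc';
GO

-- Check: the role should show six object-level grants and no others.
SELECT o.name AS object_name, p.permission_name, p.state_desc
FROM sys.database_permissions AS p
JOIN sys.objects AS o             ON o.object_id = p.major_id
JOIN sys.database_principals AS g ON g.principal_id = p.grantee_principal_id
WHERE p.class = 1 AND g.name = N'HmcQueryClientCaller'
ORDER BY o.name;
GO
```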
Populate the SharePoint NLB Mapping Table
You must populate Windows SharePoint Server definitions for each front-end SharePoint server in your environment into the GroupServerMapping table in the Hosted Messaging and Collaboration Reporting Database PWDB40.
The following table assumes that you have two SharePoint front-end servers behind a load-balanced vIP (with a DNS name of WSSLBFE) for your SharePoint server farm:

| GroupID | ServerFqdn |
|---|---|
| http://WSSLBFE:8080 | collab01.fabrikam.com |
| http://WSSLBFE:8080 | collab02.fabrikam.com |
Procedure W03-DWR.23: To populate the SharePoint NLB mapping table
1. Open a SQL query window for the Hosted Messaging and Collaboration Reporting Database PWDB40.
2. Run the stored procedure, which should be modified as necessary to represent the server names and DNS name for your SharePoint servers:
   - If you have multiple SharePoint front-end servers in your web farm, provide a SQL statement for each server, providing the shared (load-balanced) vIP name and the unique server name:
     exec spInsertGroupServerMapping 'http://WSSLBFE:8080', 'collab01.fabrikam.com'
     exec spInsertGroupServerMapping 'http://WSSLBFE:8080', 'collab02.fabrikam.com'
   - If you have only a single front-end SharePoint server, provide a SQL statement for the server, providing the admin URL and the unique server name:
     exec spInsertGroupServerMapping 'http://collab01:8080', 'collab01.fabrikam.com'