B.2 Installation Tasks

The following installation tasks must be completed in the order that they are listed. If a step is not necessary for your setup, you can skip it.

B.2.1 Installing Internet Information Services

If you want to set up your own CA in order to configure SSL on ADAM (AD LDS), you need to install Internet Information Services (IIS).

  1. On your Windows Server 2003 machine, access the Control Panel, then click Add or Remove Programs.

  2. In the left pane, select Add/Remove Windows Components.

  3. Select Application Server, then click Details.

  4. Select Internet Information Services (IIS), then click Details.

  5. Verify that at least the following are selected:

    • Common Files

    • Internet Information Services Manager

    • World Wide Web Service

  6. Click OK twice, then click Next to complete the installation.

    You might be prompted to insert your original installation media for Windows Server 2003.

B.2.2 Installing Certificate Services

  1. On your Windows Server 2003 machine, access the Control Panel, then click Add or Remove Programs.

  2. In the left pane, select Add/Remove Windows Components.

  3. Select Certificate Services, then click Next to complete the installation.

B.2.3 Installing ADAM/AD LDS

Installing ADAM

  1. On your Windows Server 2003 machine, access the Control Panel, then click Add or Remove Programs.

  2. In the left pane, select Add/Remove Windows Components.

  3. Select Active Directory Services, then click Details.

  4. Select Active Directory Application Mode (ADAM), then click OK.

  5. Click Next to complete the installation.

    The Active Directory driver doesn't currently have a way to change the port when making a connection, so you need to use the defaults. If the values default to something else, you probably already have a service using those ports, and you might need to disable or uninstall the other service.

  6. Click Next.

  7. Select Yes to create an application directory partition, unless you plan on doing it later.

  8. Specify the DN of the location where you'd like to synchronize users. For example, CN=People,DC=adamtest1,DC=COM.

  9. Click Next.

  10. Leave the default locations for data files and data recovery files, then click Next.

  11. Select an account for the ADAM service, then click Next.

    If you are installing ADAM on a server that is not already part of a domain, you might get a warning at this point. This is usually not a problem with ADAM, and you should continue with the installation.

  12. Click Next to assign the current user (the one you are logged in as) rights to administer ADAM.

  13. Select Import the selected LDIF files for this instance of ADAM.

  14. Select MS-User.LDF, then click Add.

  15. Click Next.

  16. Review the installation summary, then click Next.

Installing AD LDS

If you are installing AD LDS, use the steps given at http://technet.microsoft.com/en-us/library/cc754486%28WS.10%29.aspx, then follow Step 6 through Step 16 in the Installing ADAM section.

B.2.4 Requesting and Installing the Server Certificate

  1. On the server where you installed IIS and Certificate Services, specify the following address in a Web browser: http://localhost/certsrv.

  2. You should see a welcome message from Certificate Services. If you do not, go back and make sure you have IIS and Certificate Services both installed.

  3. The steps for requesting and installing a certificate are found at [.NET] Using SSL with ADAM.

  4. On your ADAM (AD LDS) server, make sure you have the certificate installed in the following location in MMC: Certificates - Service (adaminstance) on Local Computer\ADAM_adaminstance\Personal.

  5. On the Identity Manager server (or the Remote Loader computer) where the driver is running, make sure that only the CA certificate is installed, and that it is in Certificates - Current User\Trusted Root Certificates.

    See Active Directory Application Mode: Frequently Asked Questions for additional resources.
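
One way to confirm Steps 4 and 5 from the driver machine, as an added example that is not part of the original guide: the PowerShell function below opens an SSL connection to the ADAM (AD LDS) instance, reports whether the server certificate validates, and checks whether the root of the chain is in the Current User trusted root store. The function name, the host name in the usage comment, and port 636 (the standard LDAPS port) are assumptions; run it as the account the driver uses.

```powershell
# Added example; Test-AdamLdapsTrust is a hypothetical helper, not a product command.
function Test-AdamLdapsTrust {
    param(
        [Parameter(Mandatory = $true)][string]$Server,  # must match the name in the server certificate
        [int]$Port = 636                                 # assumption: standard LDAPS port
    )
    $state = @{ Errors = $null; Leaf = $null; Root = $null }
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($origin, $certificate, $chain, $policyErrors)
        $state.Errors = $policyErrors
        if ($certificate) {
            $state.Leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        }
        # The last chain element is the root only when the chain builds completely.
        if ($chain -and $chain.ChainElements.Count -gt 0) {
            $state.Root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        }
        # Accept the certificate only if validation reported no errors.
        return ($policyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
    }
    $trusted = $false
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try { $ssl.AuthenticateAsClient($Server); $trusted = $true }
        catch [System.Security.Authentication.AuthenticationException] { $trusted = $false }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }

    # Step 5: the CA certificate belongs in Current User\Trusted Root Certificates.
    $inUserRoot = $false
    if ($state.Root) {
        $inUserRoot = [bool](Get-ChildItem Cert:\CurrentUser\Root |
            Where-Object { $_.Thumbprint -eq $state.Root.Thumbprint })
    }
    [pscustomobject]@{
        Server            = "${Server}:$Port"
        HandshakeTrusted  = $trusted
        PolicyErrors      = $state.Errors
        ServerCertSubject = if ($state.Leaf) { $state.Leaf.Subject } else { $null }
        ChainRootSubject  = if ($state.Root) { $state.Root.Subject } else { $null }
        RootInCurrentUser = $inUserRoot
    }
}
# Usage (placeholder host name): Test-AdamLdapsTrust -Server adamserver.example.com
```

A result with HandshakeTrusted true but RootInCurrentUser false means the CA is trusted through another store, such as the Local Computer root store, rather than the one Step 5 names.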