Active Directory Manager Pro Quick start Guide Software version 5.0.0.0 JUNE 2014 General Information: info@cionsystems.com Online Support: support@cionsystems.com Copyright 2014 CionSystems Inc., All Rights Reserved Page 1
2014 CionSystems Inc. ALL RIGHTS RESERVED. This guide may not be reproduced or transmitted in part or in whole by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's use under the licensing agreement, without the written permission of CionSystems Inc. The software application in this guide is provided under a software license (EULA) or nondisclosure agreement. This product may only be used in accordance with the terms of the applicable licensing agreement. This guide contains proprietary information protected by copyright. For questions regarding the use of this material and product, contact us at: CionSystems Inc. 16625 Redmond Way, Ste M106 Redmond, WA. 98052 www.cionsystems.com +1.425.605.5235 Trademarks CionSystems, CionSystems Inc., the CionSystems Inc. logo, CionSystems Active Directory Manager Pro are trademarks of CionSystems. Other trademarks and registered trademarks used in this guide are property of their respective owners. Copyright 2014 CionSystems Inc., All Rights Reserved Page 2
Table of Contents 1. Introduction... 4 2. Highlights... 5 Benefits... 5 Features... 5 3. System Requirements... 5 3.1 Getting Ready... 5 Software Requirements... 6 4. Installation... 7 4.1 Installing from a CD... 7 4. 2 Installing from the Web... 7 4.3 Installation Wizard ADM PRO... 8 4.4 Installation Wizard Blackberry component... 13 5. Configuring CionSystems Active Directory Manager Pro... 14 5. Troubleshooting Installation issues... 16 Windows Server 2008 R2... 16 Issue #1... 16 Issue #2... 17 Issue #3... 18 Issue #4... 19 Issue #5... 20 Issue #6... 21 Windows Server 2003... 25 Issue #1... 25 Issue #2... 27 Issue #3... 28 Issue #4... 29 Issue #5... 33 Issue #6... 34 Issue #7... 36 Copyright 2014 CionSystems Inc., All Rights Reserved Page 3
1. Introduction Active Directory Manager Pro - For every organization identity and access management is far more then a security technology. Identity management gives the users and applications access to the right access information. It is critical to ensure that the right and appropriate permissions are in place for users and applications. This is a major factor in driving regulatory compliance initiatives. Building and managing identity strategy can be complex because it touches all users, applications, resources of the companies and customers. Majority of enterprises faces challenges in maintaining consistent policies thereby incurring high administrative cost and direct impact on security and compliance requirements. CionSystems Active Directory Manager Pro provides a simple and cost effective identity management solution to help you manage accounts across Microsoft directory services. With CionSystems Active Directory Manager Pro you can: Centrally manage identities (users, passwords, computers, contacts, groups, OU, GPO, Exchange, terminal server, site, schema, ACL and more) across Windows - saving time, money and resources. Automate the provisioning process across Windows platforms to reduce costly errors. Manage enterprise-wide password policies, and reduce costly calls to the help desk. Automate Role-Based Access Management. Tighten Security and Auditing processes. Perform global Search and Replace. Reports - Complying with regulatory requirement can be a very complex, time-consuming and expensive. Generating reports for the compliance may not be a cakewalk. It will require accessing a glut of raw data coming from numerous organizations and making sense out of it. Additionally keeping the Identity Management running smoothly requires administrators to know the state of the Active Directory Systems on a proactive basis. A reactive solution can turn out to be a very expensive ordeal for organization as it can effect applications, users and network productivity. Built-in Active Directory auditing lacks many important features and doesn't have reporting capabilities. CionSystems Active Directory Manager Pro helps with compliance and day to day status check by accessing and presenting the raw data into meaningful reports that allows administrator, senior management and auditors to gain correct insight into the Windows Active Directory Infrastructure. Copyright 2014 CionSystems Inc., All Rights Reserved Page 4
2. Highlights Benefits Lower cost of operation Centralized access, single point of access Fast, automate user,group provisioning Full reporting and auditing Enforce policies and prove compliance Reliably manage access rights Helps with migration efforts Easy install and ramp-up All functionality included in one file, no need for multiple modules Task approvals decrease errors and inconsistencies Automates the provisioning and deprovisioning process Schedule the tasks of adding and removing objects Monitor the execution of tasks Ability to accept or operations deny requests Approval for entitlement/group membership Easy compliance Multi directory support Features Browser-based UI, customized by role No coding or command line scripting Secure provisioning and deprovisioning Granular password, ACL management 200+ ready-to-use reports, customizable Exchange mailbox management Centrally manage multiple domains Bulk object management Customizable templates increase functionality Real-time notifications inbox size, password expiry, etc Change Approval process Temporary User and Group management Schedule object addition and removal Automated Active Directory cleanup Attestation for user and group LDAP support Permission reports 3. System Requirements CionSystems Active Directory Manager Pro needs: 4GB RAM (6GB Recommended). 50 MB of disk space. Web Browser IE 8 or higher. Windows Server 2003, 2008, or 2012. IIS server 5.1 or higher. Microsoft Exchange administrative tools. For exchange 2007 & 2010 support, please install Exchange management tool on the system where you install ADMPRO Microsoft.NET 4.0 4.0 Framework. Access to Exchange Server 2003 or Exchange Server 2007-2013. Access to Windows Active Directory (2000, 2003, 2008, 2012). SQL Server 2008 or higher Full or Express Edition. GPMC 3.1 Getting Ready Before installing CionSystems s Active Directory Manager Pro, ensure the system has pre-requisites installed and configured correctly. Copyright 2014 CionSystems Inc., All Rights Reserved Page 5
Software Requirements A system with Windows server 2003, Windows server 2003 R2, Windows server 2008, Windows server 2008 R2, Windows server 2012 and, Windows server 2012 R2. Active Directory Manager Pro is web-based application that is hosted in IIS. Enable IIS server role see the below screenshot of IIS services to enable. The picture is from IIS version 7. Note: IIS 5.1 configuration screens look significantly different. Please see the Windows Server 2003 under troubleshooting section. Active Directory Manager Pro asks for IIS username and password during installation. Copyright 2014 CionSystems Inc., All Rights Reserved Page 6
Ensure the username has local administrative privileges on the system. For a domain joined system, ensure the user name appears in local administrative group by going to user manager. In addition, ensure this same user must have access to SQL database, verify it via Microsoft SQL studio manager. When installing on a non-domain joined system, install Microsoft SQL server on this system or use SA account to connect to Microsoft SQL server that is on a different system. Active Directory Manager Pro uses Microsoft SQL database for storing configuration and other information. Before installing the application ensure that you have either installed a local copy of Microsoft SQL server or have appropriate access to a SQL server that is hosted on a different system. Microsoft SQL server two types of authentication, SA or Windows authentication. Please choose the desired SQL authentication at installation. o Ensure Browser service is running to be able to connect to Microsoft SQL server on a different system o Ensure TCP/IP is enabled for SQL o Ensure appropriate SQL ports are opened in firewall. 4. Installation CionSystems Active Directory Manager Pro can be installed using a CD or from the web. 4.1 Installing from a CD To install Active directory Manager Pro from CD: 1. Insert CionSystems Active Directory Manager Pro CD into your CD drive. 2. Click on start on start button. 3. Click on My Computer. 4. Double click on CD drive. 5. Double click on ActiveDirectoryManager.msi. 6. Setup process will start. 7. Go to Picture 1 in Installation Wizard. 4. 2 Installing from the Web After registration of the Active Directory Manager Pro trial version, an email will be sent with the link to download ActiveDirectoryManager.msi. To install from the website: 1. Open email. Copyright 2014 CionSystems Inc., All Rights Reserved Page 7
2. Click on the ActiveDirectoryManager.msi link. 3. Save ActiveDirectoryManager.msi file to the hard drive. 4. When the download is complete, go to start > windows explorer. 5. Open the file where ActiveDirectoryManager.msi file was saved. 6. Double click on ActiveDirectoryManager.msi file. 7. Setup process will start. 8. Go to step 1 in Installation Wizard. 4.3 Installation Wizard ADM PRO The welcome screen will open 1 Click Next 2. Click Next in System Requirements and Info screen. Copyright 2014 CionSystems Inc., All Rights Reserved Page 8
3. Select I Agree. Copyright 2014 CionSystems Inc., All Rights Reserved Page 9
4. Click Next. 5. Active Directory Manager Pro will start installing. Copyright 2014 CionSystems Inc., All Rights Reserved Page 10
6. IIS Authentication pop up will appear, enter IIS Username and Password, Click on OK button. If the System joined in Domain give domain\username If the system not joined in domain give system name\username Copyright 2014 CionSystems Inc., All Rights Reserved Page 11
7. SQL Server Configuration pop up will appear, if u are installing the application for first time then click on Create New Database. In Configuration Details, you can select SQL Authentication or Windows Authentication. For SQL Authentication Enter SQL database Server name, Select SQL Authentication, Enter Login and Password. Enter valid details and click Test Connection. If Test Connection displays connected successfully message. Then, Click on Next. For Windows Authentication Enter SQL database Server name, Select Windows Authentication, here, Login and Password will be grayed out. Enter valid details and click Test Connection. If Test Connection displays connected successfully message. Then, Click on Next. Note: To use the Existing Database radio button. AD Manager pro Database should already exists in the SQL database. To use Create New Database radio button. AD Manager pro Database should not be there in the SQL database. Copyright 2014 CionSystems Inc., All Rights Reserved Page 12
8. When the installation is complete, click Close. 4.4 Installation Wizard Blackberry component Double click on zip file and click on the.msi file to start the installation. Walk through the installation wizard by clicking on next and complete the installation of the mobility component. Copyright 2014 CionSystems Inc., All Rights Reserved Page 13
5. Configuring CionSystems Active Directory Manager Pro 1. Click on Start Button> All Programs> CionSystems> Active Directory Manager Pro icon. OR Click ActiveDirectoryManagerPro Icon on desktop. 2. The login screen will open in the default web browser, to login on to the application for the first time Enter admin in the User Name dialogue box. Enter admin in the Password dialogue box. Note: It is recommended that user name and password should be changed after the application has launched. Copyright 2014 CionSystems Inc., All Rights Reserved Page 14
3. Enter the Active Directory Manager Pro details of the domain. Domain Name. Domain User Name It is critical that this user have highest privileges otherwise some of the functionality may not work. Application uses this account as is context. Domain Password. Enter Domain Controller name Click on Get Domain controllers It will show all the domain controllers for that Domain. Select primary radio button. Click on save. 4. The installation and configuration is complete and you should see the following screen. Copyright 2014 CionSystems Inc., All Rights Reserved Page 15
Once Active Directory Manager Pro is successfully installed and launched, the dashboard window will appear with a view of the active directory categories of reports and task list. For instructions on how the Active Directory Manager Pro dashboard can be customize to meet individual user needs please refer to Active Directory Manager Pro Help Guide. 5. Troubleshooting Installation issues Windows Server 2008 R2 Issue #1 If you see the following error 1. If you see the following screen when during install To install the.net version Click on Below Link Copyright 2014 CionSystems Inc., All Rights Reserved Page 16
http://www.microsoft.com/en-in/download/details.aspx?id=17718 Download and install >netfrtamework4.0, ensure appropriate.net versions are installed. Issue #2 Log on as administrator or run the.msi as an administrator by holding down shift key and right click the mouse, choose run as administrator. Copyright 2014 CionSystems Inc., All Rights Reserved Page 17
Issue #3 This happens when.net 2.0 is not enabled on the system. On Windows 2008 server, all.net components are installed but are not enabled by default. You have to enable by going to server manager application, go to IIS server role and enable. Ensure the check boxes matches the following screenshots. Copyright 2014 CionSystems Inc., All Rights Reserved Page 18
Make sure you have install asp.net,.net extensibility and iis6 management compatibility roles. Issue #4 In some case, you have to change the Application pool identity to the username and password you provided at install. Process is - Run Inetmgr.exe from start run - Goto application pool, then to default app pool. Copyright 2014 CionSystems Inc., All Rights Reserved Page 19
Issue #5 If the login fails after trying admin & admin (without quotes): see the solution below Start the sql server management studio and note the sql connection string and username. You have to provide this username during the install of ADM PRO. Otherwise whatever username you provided you have to provide SQL privileges. Copyright 2014 CionSystems Inc., All Rights Reserved Page 20
Also, check the IIS role and ensure the Windows and Basic authentication is enabled. Issue #6 SQL Login fails This can happen because the firewall is blocking ports. Check the firewall and SQL to ensure the right SQL ports are open. Below is an example 1) Click on start All programs, open Microsoft SQL server 2005, Click on Configuration tools, open SQL server Surface area configuration Copyright 2014 CionSystems Inc., All Rights Reserved Page 21
Click on Surface Area Configuration for services and connectors Click on Remote Connections, select both TCP/IP and Named pipes Copyright 2014 CionSystems Inc., All Rights Reserved Page 22
Click on SQL server, browser, select service startup type as Automatic, Click on OK 2)Now open SQL Server Configuration Manager Select Protocols for SQLEXPRESS Copyright 2014 CionSystems Inc., All Rights Reserved Page 23
Select TCP/Ip, goto properties, in properties windows select IP address In IP1 set TCP Port as 1433 and in IPALL set TCP port as 1433, Click on OK Restart SQLServer and SQL server Browser services To open above ports in Windows firewall run this command from command prompt netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN To connect Remote Database you have to install SQL browser service (for SQL 2008) In firewall enable UDP port (By Default 1434) for SQL Browser To connect to Remote Database through windows authentication, the system must be Member of that Domain and that Domain has to be added in SQL database security logins Copyright 2014 CionSystems Inc., All Rights Reserved Page 24
Windows Server 2003 Issue #1 If you see the following error 1. If you see the following screen when during install Copyright 2014 CionSystems Inc., All Rights Reserved Page 25
To install the.net version Click on Below Link http://www.microsoft.com/en-in/download/details.aspx?id=17718 Ensure the.appropriate.net versions are installed. Copyright 2014 CionSystems Inc., All Rights Reserved Page 26
Issue #2 If you see the following error Install the web server role as shown below Copyright 2014 CionSystems Inc., All Rights Reserved Page 27
Issue #3 If the login fails after trying admin & admin (without quotes): see the solution below Copyright 2014 CionSystems Inc., All Rights Reserved Page 28
Start the sql server management studio and note the SQL connection string and username. You have to provide this username during the install of ADM PRO. Otherwise whatever username you provided you have to provide SQL privileges. Issue #4 SQL Login fails Copyright 2014 CionSystems Inc., All Rights Reserved Page 29
This can happen because the firewall is blocking ports. Check the firewall and SQL to ensure the right SQL ports are open. Below is an example 1) Click on start All programs, open Microsoft SQL sever 2005, Click on Configuration tools, open SQL server Surface area configuration Copyright 2014 CionSystems Inc., All Rights Reserved Page 30
Click on Surface Area Configuration for services and connectors Click on Remote Connections, select both TCP/IP and Named pipes Copyright 2014 CionSystems Inc., All Rights Reserved Page 31
Click on SQL server, browser, select service startup type as Automatic, Click on OK 2)Now open SQL Server Configuration Manager Select Protocols for SQLEXPRESS Copyright 2014 CionSystems Inc., All Rights Reserved Page 32
Select TCP/Ip, goto properties, in properties windows select IP address In IP1 set TCP Port as 1433 and in IPALL set TCP port as 1433, Click on OK Restart SQLServer and SQL server Browser services To open above ports in Windows firewall run this command from command prompt netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN Issue #5 After installing the application, if menu do not display in Microsoft Internet Explorer then please check the Internet Explorer following setting as indicated in the below picture. Copyright 2014 CionSystems Inc., All Rights Reserved Page 33
Go to Tools Internet options- Security- Enable custom level Enable Binary and Script Behavior option. Save it, you may have to restart the application again. Issue #6 When installing the application on IIS6.0 you may see the following screen. Copyright 2014 CionSystems Inc., All Rights Reserved Page 34
To fix take the following steps. Open Inetmgr.exe by clicking on start run and type inetmgr.exe Goto Default website and Select ADManager, right click properties Now Change ASP.NET version to 4.0.30319 as shown in the below picture Copyright 2014 CionSystems Inc., All Rights Reserved Page 35
Issue #7 You may experience the following error as shown in the below picture. To fix the issue take the following steps Open Inetmgr.exe by clicking start run and typing inetmr.exe Click on Application pools and select CionADManagerPro, Right click on it as shown in the below picture Copyright 2014 CionSystems Inc., All Rights Reserved Page 36
Click on Identity and In Predefined option change to Local system Click on Save to save the settings From start run, type IISReset.exe to restart IIS Copyright 2014 CionSystems Inc., All Rights Reserved Page 37
Contact Notes: For technical support or feature requests, please contact us at Support@CionSystems.com or 425.605.5325 For sales or other business inquiries, we can be reached at Sales@CionSystems.com or 425.605.5325 If you d like to view a complete list of our Active Directory Management solutions, please visit us online at www.cionsystems.com Disclaimer The information in this document is provided in connection with CionSystems products. No license, express or implied, to any intellectual property right is granted by this document or in connection with the sale of CionSystems products. EXCEPT AS SET FORTH IN CIONSYSTEMS LICENSE AGREEMENT FOR THIS PRODUCT, CIONSYSTEMS INC. ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL CIONSYSTEMS INC. BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL,PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF CIONSYSTEMS INC. HAS BEEN ADVISED IN WRITING OF THE POSSIBILITY OF SUCH DAMAGES. CionSystems may update this document or the software application without notice. CionSystems Inc 16625 Redmond Way, Ste M106 Redmond, WA 98052 425.605.5325 This guide is provided for informational purposes only, and the contents may not be reproduced or transmitted in any form or by any means without our written permission. Copyright 2014 CionSystems Inc., All Rights Reserved Page 38