Dell Spotlight on Active Directory 6.8.4. Deployment Guide




© 2014 Dell Inc. ALL RIGHTS RESERVED.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of Dell Inc.

The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document.

If you have any questions regarding your potential use of this material, contact:

Dell Inc.
Attn: LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656

Refer to our web site (software.dell.com) for regional and international office information.

Patents

This product is protected by U.S. Patent #: 6,249,883.

Trademarks

Dell, the Dell logo, and Spotlight are trademarks of Dell Inc. and/or its affiliates. Microsoft, SQL Server, Windows, Windows Server, Active Directory, and Internet Explorer are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others.

Legend

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.

WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.

IMPORTANT NOTE, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.

Spotlight on Active Directory
Updated - August 2014
Software Version - 6.8.4

Contents

About this Guide ... 5
Best Practices for Spotlight on Active Directory ... 5
Domain Controllers ... 5
Less Than 50 Domain Controllers ... 6
Between 51 and 100 Domain Controllers ... 7
More Than 100 Domain Controllers ... 9
Limiting Access to Test Features ... 11
High Level Analysis Tests ... 13
Directory Replication Analysis Tests ... 13
DNS Analysis Tests ... 14
File Replication Analysis Tests ... 14
Time Synchronization Analysis Tests ... 14
Deployed in a Firewalled Environment ... 16
Deployed on Multiple Instances of Spotlight on Active Directory ... 16
Collector Management Console ... 17
Diagnostic Services ... 17
Port Numbers ... 17
Database Maintenance ... 19
Best Practices for Spotlight on Active Directory Diagnostic Console ... 20
Best Practices for Spotlight on Active Directory Web Reports ... 20
Frequently Asked Questions and Troubleshooting ... 21
About Dell ... 25
Contacting Dell ... 25
Technical support resources ... 25

About this Guide

This document has been prepared to assist you in deploying Spotlight on Active Directory, an integral component of Spotlight Suite. The Deployment Guide contains the best practices to install and use Spotlight on Active Directory. It is intended for network administrators, consultants, analysts, and any other IT professionals using the product.

NOTE: For information on Spotlight basics, please refer to the Spotlight Basics section of the Help menu of the Spotlight on Active Directory Diagnostic Console.

Best Practices for Spotlight on Active Directory

Once the minimum system requirements have been met, you can deploy Spotlight on Active Directory using the components provided on the Spotlight on Active Directory CD.

NOTE: System administrators should follow Microsoft best practices for Active Directory, SQL Server, and IIS management, including operational procedures and performing regular backups.

Multiple Spotlight on Active Directory Topology Viewer Consoles, installed on separate computers, can connect to and receive analysis test results from the diagnostic services. If multiple administrators need to look at the status of Active Directory, it is recommended that they install their own consoles and connect to the same Spotlight Diagnostic Services.

Best practices have been established for deploying the following components and features:

- Domain Controllers
- Diagnostic Services
- Port Numbers
- Database Maintenance

Domain Controllers

All components of the Spotlight on Active Directory application can reside on a single server or on up to four separate systems.

NOTE: You should not install the Spotlight on Active Directory components on domain controllers (DCs). You do not have to run services on your DCs to use Spotlight on Active Directory.

Less Than 50 Domain Controllers

Installation Best Practices

If you have 50 or fewer DCs, you can install all components on one computer.

Figure 1. Network with 50 or fewer domain controllers

Performance Best Practices

To assign permissions, you can perform the following:

- To monitor a single domain, create a service account with Domain Administration privileges for Diagnostic Services.
  NOTE: For more detailed analysis test permissions, see Limiting Access to Test Features on page 11.
- To monitor multiple domains, create a service account with Enterprise Administration privileges for Diagnostic Services.

The following table lists the high level analysis tests and how often you should schedule these tests according to the size of your network:

Table 1. How tests affect your database

| Test | Schedule every... | Effect on database |
|---|---|---|
| Verify Server Health | 30 minutes | 6 kilobytes (KB) per target domain controller per poll: Performance - 4 KB; Network - 150 bytes; Services - 300 bytes; Disk Space - 400 bytes; Events - 1 KB; Directory Availability - 150 bytes |
| Verify DNS Health | 30 minutes | 2 KB per target domain controller per poll |
| Verify Directory Replication Health | 30 minutes | 50 bytes per target domain controller per poll |
| Verify File Replication Health | 60 minutes | 1.5 KB per target domain controller per poll |
| Check GPO Synchronization | 60 minutes | N/A |
| Verify Time Synchronization | 30 minutes | 400 bytes per target domain per poll |

Between 51 and 100 Domain Controllers

Installation Best Practices

If you have 51 to 100 DCs, it is recommended that you install the diagnostic services and Web Reports on one computer, and database components on a separate computer.

For faster test execution, it is recommended that you have one collector for every 50 DCs. As one collector is automatically installed with Diagnostic Services, you must add another Distributed Collector on a separate computer.

For running Web Reports on a network with 51 to 100 DCs, it is recommended that you use SQL Server Enterprise Edition for better performance.

Figure 2. Network with 51 to 100 domain controllers

Performance Best Practices

To assign permissions, you can perform the following:

- To monitor a single domain, create a service account with Domain Administration privileges for Diagnostic Services.
  NOTE: For more detailed analysis test permissions, see Limiting Access to Test Features on page 11.
- To monitor multiple domains, create a service account with Enterprise Administration privileges for Diagnostic Services.

The following table lists the high level analysis tests and how often you should schedule these tests according to the size of your network:

Table 2. How tests affect your database

| Test | Schedule every... | Effect on database |
|---|---|---|
| Verify Server Health | 30 minutes, if no Distributed Collectors; 20 minutes if one Distributed Collector is managing half of the DCs | 6 kilobytes (KB) per target domain controller per poll: Performance - 4 KB; Network - 150 bytes; Services - 300 bytes; Disk Space - 400 bytes; Events - 1 KB; Directory Availability - 150 bytes |
| Verify DNS Health | 30 minutes, if no Distributed Collectors; 15 minutes if one Distributed Collector is managing half of the DCs | 2 KB per target domain controller per poll |
| Verify Directory Replication Health | 30 minutes, if no Distributed Collectors; 15 minutes if one Distributed Collector is managing half of the DCs | 50 bytes per target domain controller per poll |
| Verify File Replication Health | 120 minutes, if no Distributed Collectors; 60 minutes if one Distributed Collector is managing half of the DCs | 1.5 KB per target domain controller per poll |
| Check GPO Synchronization | 120 minutes, if no Distributed Collectors; 60 minutes if one Distributed Collector is managing half of the DCs | N/A |
| Verify Time Synchronization | 30 minutes, if no Distributed Collectors; 15 minutes if one Distributed Collector is managing half of the DCs | 400 bytes per target domain per poll |

More Than 100 Domain Controllers

Installation Best Practices

If you have 101 or more DCs, it is recommended that an individual computer is dedicated to each component. By placing the four components on four separate computers, you have dedicated computer resources for each component, which minimizes contention for system resources.

For faster test execution, it is recommended that you have one collector for every 50 DCs. As one collector is automatically installed with Diagnostic Services, you must add other Distributed Collectors on their own computer.

For running Web Reports on a network with 101 or more DCs, it is recommended that you use SQL Server Enterprise Edition for better performance.

Figure 3. Network with 101 or more domain controllers

Performance Best Practices

To assign permissions, you can perform the following:

- To monitor a single domain, create a service account with Domain Administration privileges for Diagnostic Services.
  NOTE: For more detailed analysis test permissions, see Limiting Access to Test Features on page 11.
- To monitor multiple domains, create a service account with Enterprise Administration privileges for Diagnostic Services.

The following table lists the high level analysis tests and how often you should schedule these tests according to the size of your network:

Table 3. How tests affect your database

| Test | Schedule every... | Effect on database |
|---|---|---|
| Verify Server Health | 30 minutes, if no Distributed Collectors; 20 minutes if one Distributed Collector is managing half of the DCs | 6 kilobytes (KB) per target domain controller per poll: Performance - 4 KB; Network - 150 bytes; Services - 300 bytes; Disk Space - 400 bytes; Events - 1 KB; Directory Availability - 150 bytes |
| Verify DNS Health | 30 minutes, if no Distributed Collectors; 15 minutes if one Distributed Collector is managing half of the DCs | 2 KB per target domain controller per poll |
| Verify Directory Replication Health | 30 minutes, if no Distributed Collectors; 15 minutes if one Distributed Collector is managing half of the DCs | 50 bytes per target domain controller per poll |
| Verify File Replication Health | 120 minutes, if no Distributed Collectors; 60 minutes if one Distributed Collector is managing half of the DCs | 1.5 KB per target domain controller per poll |
| Check GPO Synchronization | 120 minutes, if no Distributed Collectors; 60 minutes if one Distributed Collector is managing half of the DCs | N/A |
| Verify Time Synchronization | 30 minutes, if no Distributed Collectors; 15 minutes if one Distributed Collector is managing half of the DCs | 400 bytes per target domain per poll |

Limiting Access to Test Features

You can limit users' access to the features and functionality of Spotlight on Active Directory tests. You can allow users to only run an analysis test once (not schedule a test), and not allow them to configure options, such as Analysis Test, Database, or Global Notifications (see Setting Options in the Spotlight on Active Directory User Guide).

Each time you change a forest, the following workflow executes:

Figure 4. Workflow

To limit access to features in Spotlight on Active Directory

1. Create a group called SLAD Administrators in the forest to which you want to limit user access. This group must be a domain local group.
2. Assign users to this group. Assigned users will have full access to all features. Users not assigned to this group will have limited access.

NOTE: If a network issue occurred, you must re-establish permissions by restarting the console or changing forests.

High Level Analysis Tests

Table 4. High Level Analysis Tests

| Test | Detailed Permissions |
|---|---|
| Verify Server Health | Network Availability - Administrative rights; ICMP must be enabled. Disk space - read access through the admin share. Critical Services - read access to the Service Control Manager (SCM). Registry read access (as used by SCM) to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. Performance Counters - registry read access to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows. Directory Service Availability - LDAP and RPC connectivity. Ability to perform LDAP searches against the target domain controller. Event Log - registry read access to HKLM\SYSTEM\CurrentControlSet\Services\EventLog. Disk read access to winnt\system32\config\*.evt. |
| Verify Time Synchronization | Read access to the SYSVOL share on the target domain controller. Read access to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time registry key on the target domain controller. |

Table 4. High Level Analysis Tests (continued)

| Test | Detailed Permissions |
|---|---|
| Verify DNS Health | Verify Netlogon entries. Verify partner Netlogon entries. Verify PDC advertising. Verify GC advertising. Read access to admin$\system32\config\netlogon.dns file. Verify zone existence (read registry access required). Verify forwarder availability (read registry access required). NOTE: Verify zone existence and Verify forwarder availability apply to Microsoft DNS only. |
| Verify File Replication Health | Read/Write access to the disk that holds the SYSVOL share on the target domain. |
| Verify Directory Replication Health | Read/Write access to the domain partition on the target domain controllers. |

Directory Replication Analysis Tests

Table 5. Directory Replication Analysis Tests

| Test | Detailed Permissions |
|---|---|
| Find Replication Failures | Administrative rights to the target domain controllers. This relies on RPC connectivity as well as read access to the directory. |
| Track Object Replication | Read access to the directory (partition and OU varies on test configuration). |
| Test Replication Links | Administrative rights to the target domain controllers. This relies on RPC connectivity as well as read access to the directory. |

DNS Analysis Tests

Table 6. DNS Analysis Tests

| Test | Detailed Permissions |
|---|---|
| Check DNS Entries | Read access to admin$\system32\config\netlogon.dns file. |
| Check Partners DNS Entries | Read access to admin$\system32\config\netlogon.dns file on all replication partners. |

File Replication Analysis Tests

Table 7. File Replication Analysis Tests

| Test | Detailed Permissions |
|---|---|
| Confirm File Presence | Disk read access to the file selected when configuring the test. |
| Check GPO Synchronization | Administrative rights to the PDC Emulator. Read access to the domain naming partition. |
| Check NTFRS/DFSR Status | Read access to the Service Control Manager. Registry read access (as used by the SCM) to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion. |

Time Synchronization Analysis Tests

Table 8. Time Synchronization Analysis Tests

| Test | Detailed Permissions |
|---|---|
| Check W32Time Differential | Domain User access. |
| Check W32Time Parent Synchronization | Domain User access. Read registry access to the target domain controller (not the time parent). |
| Check W32Time Status | Read access to the SCM. Registry read access (as used by the SCM) to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. |

The Distributed Collection of Analysis Test Data feature localizes data collection and processing before the data is transferred to the central Diagnostic Services. This feature supports site collection, where a distributed collector runs all tests for each domain controller (DC) in the site, and targeted collection, where a distributed collector runs all tests for a specific DC.

By default, the Diagnostic Services runs all tests using a default collector, which can cause a heavy load on the host system. Distributed collectors reduce this load by allowing other servers to share data collection and test execution. Thus, network usage is reduced.

Distributed collectors are configured to manage entire sites and/or specific servers, and run any tests against the servers in their managed list. The distributed collectors process the request and send back only the final results to the Diagnostic Services.

NOTE: You cannot install Distributed Collectors on the same server as Spotlight on Active Directory.

Distributed collectors are installed manually or through the Collector Management Console to additional servers on the network.

Figure 5. A typical setup using collectors in Spotlight on Active Directory

Diagnostic Services includes a default collector, and can communicate directly with a set of domain controllers (DCs) or a site containing multiple sets of DCs. As the data passing between the DCs and the server can be large, you can install a distributed collector on the local network or use a high latency connection (Firewall) to help unload the large amount of data.

NOTE: Port 9605 is a configurable port. Port 9602 is not configurable.

The Diagnostic Services tells the distributed collector, over port 9605, to execute analysis tests against the DCs. The distributed collectors then return the results to the Diagnostic Services over port 9602.

It is recommended that each distributed collector communicates with a set of domain controllers or a site containing up to a maximum of 50 DCs.
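The two flows described above (test requests from Diagnostic Services to the distributed collector on port 9605, results back on port 9602) can be pinned to the two hosts with Windows Firewall rules. This is an added example, not part of the Dell guide: the host addresses are placeholders, the helper name Add-ScopedRule is hypothetical, and TCP is assumed because the guide lists both ports without a protocol.

```powershell
# Added example, not from the Dell guide. Run from an elevated session.
# Uses the built-in NetSecurity cmdlets (Windows Server 2012 / Windows 8 and later).
# Assumptions: ports 9602 and 9605 are TCP (the guide gives no protocol);
# both addresses are placeholders from the documentation ranges.
$DiagServices = '192.0.2.10'     # Diagnostic Services host (placeholder)
$Collector    = '198.51.100.20'  # Distributed Collector host (placeholder)
$TestPort     = 9605             # configurable in the product; match your setting
$ResultPort   = 9602             # not configurable

# Hypothetical helper: one allow rule, scoped to a single peer address.
function Add-ScopedRule {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][ValidateSet('Inbound', 'Outbound')][string]$Direction,
        [Parameter(Mandatory)][int]$Port,
        [Parameter(Mandatory)][string]$Peer
    )
    # Replace any earlier rule with the same name so reruns do not stack duplicates.
    Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    $rule = @{
        DisplayName   = $Name
        Group         = 'Spotlight on Active Directory (example)'
        Direction     = $Direction
        Action        = 'Allow'
        Protocol      = 'TCP'
        RemoteAddress = $Peer     # never 'Any': only the named peer is allowed
    }
    # Inbound rules match the listening (local) port, outbound rules the remote port.
    if ($Direction -eq 'Inbound') { $rule['LocalPort'] = $Port }
    else                          { $rule['RemotePort'] = $Port }
    New-NetFirewallRule @rule | Out-Null
}

# Run on the Distributed Collector host.
# The outbound rule only matters where the default outbound action is Block.
function Set-CollectorHostRules {
    Add-ScopedRule -Name 'SLAD collector - test requests in' -Direction Inbound  -Port $TestPort   -Peer $DiagServices
    Add-ScopedRule -Name 'SLAD collector - results out'      -Direction Outbound -Port $ResultPort -Peer $DiagServices
}

# Run on the Diagnostic Services host. Other peers of this host (for example
# Topology Viewer consoles) need their own rules; this covers the collector only.
function Set-DiagnosticServicesHostRules {
    Add-ScopedRule -Name 'SLAD diag - results in'        -Direction Inbound  -Port $ResultPort -Peer $Collector
    Add-ScopedRule -Name 'SLAD diag - test requests out' -Direction Outbound -Port $TestPort   -Peer $Collector
}

# Run on the Diagnostic Services host once both rule sets are in place: checks that
# the collector's listener is reachable through every firewall on the path.
function Test-CollectorPath {
    Test-NetConnection -ComputerName $Collector -Port $TestPort |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}
```

Any network firewall between the two hosts needs the same two flows and nothing wider; scoping each rule to the single peer address keeps the collector ports from being reachable by the rest of the network.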

Deployed in a Firewalled Environment

TIP: When creating tests, always put the DCs behind the firewall in their own test group. Avoid making one Server Health test for all of the DCs. Instead, make one Server Health test for the DCs behind the firewall and another Server Health test for the DCs that are not behind the firewall. In this way, the Distributed Collector performs all the test executions and greatly reduces the number of ports that need to be open.

If you have a set of DCs behind a firewall, place a Distributed Collector behind that firewall and use the Collector Management Console to assign the DCs behind the firewall to the Collector. Open port 9605 for incoming connections to the Distributed Collector host and port 9602 for outgoing connections to the DiagnosticTestEngineSLAD host.

Install the Spotlight on Active Directory Topology Viewer and Spotlight on Active Directory Diagnostic Console on both sides of the firewall. To allow the Spotlight on Active Directory Topology Viewer to connect with the Diagnostic Services, allow outgoing connections to ports 9601 and 9602. Use the Spotlight on Active Directory Diagnostic Console on the appropriate side of the firewall for diagnosing the DCs in the two different regions.

Deployed on Multiple Instances of Spotlight on Active Directory

You can deploy distributed collectors on networks that use multiple instances of Spotlight on Active Directory, that is, multiple instances of Diagnostic Services and databases.

Figure 6. Distributed Collectors deployed on multiple instances of Spotlight on Active Directory

Spotlight on Active Directory Server 1, using a default collector, collects data from three domain controllers (DCs) at Site 1. Spotlight on Active Directory Server 2, using a default collector, collects data from the DCs at Site 2. This install uses a distributed collector that is pushed onto Server 1 that manages the three DCs in Site 3.

If you want Spotlight on Active Directory Server 1 to manage the DCs in Site 3 using a distributed collector, the distributed collector in Spotlight on Active Directory Server 2 cannot be reused. Spotlight on Active Directory Server 1 has to push another collector onto another server (Server 2). This server can start managing the DCs found in Site 3.

Collector Management Console

The Collector Management Console:

- installs collectors on host computers
- removes collectors from host computers
- assigns servers to collectors
- ensures no server is being serviced by more than one collector
- presents collector statistics
- allows you to specify distributed collectors to retrieve test data from a specific site or specific DCs to reduce the load on the central Diagnostic Services location

The automated collector installation feature uses the Windows Management Instrumentation (WMI) service to install distributed collectors. If this service is disabled, the distributed collector cannot install automatically, and the distributed collectors must be installed directly on the remote system from the Spotlight on Active Directory Installation CD.

You can use the Collector Management Console after Spotlight on Active Directory has been launched and the Active Directory forests have been discovered.

Use distributed collectors when Diagnostic Services and the DCs being managed communicate over high latency network paths. This includes WANs and environments employing Quality of Service (QoS) policies, or when communication must go through specific firewall ports.

IMPORTANT: You cannot install the Distributed Collector on the same server where Spotlight on Active Directory is installed.

Diagnostic Services

Spotlight on Active Directory cannot be configured to use specific RPC ports, unless you are using distributed collectors. For more information on port configuration, refer to https://support.software.dell.com/kb/sol8987.

NOTE: 1433 is the only port required for incoming communication (assuming the default port for SQL has not changed).

ActiveX Data Objects (ADOs) are used to communicate with the database. SQL Server, by default, listens on port 1433, and ports 1024 to 5000 are open for outgoing communication. All communication between the Spotlight on Active Directory Topology Viewer and Diagnostic Services occurs over ports 9601 and 9602. For more information on ports, see Best Practices for Spotlight on Active Directory on page 5.

Port Numbers

The following port numbers can be used to install the various services of Spotlight on Active Directory. The services are grouped by component name.

For more information on using Spotlight on Active Directory in environments with firewalls, see Deployed in a Firewalled Environment on page 16.

Table 9. Port Numbers per Component

| Component name | Port numbers | Service name |
|---|---|---|
| Spotlight on Active Directory Front End including Topology Viewer and Diagnostic Console | TCP 3269, TCP 3268, TCP 389, UDP 389, TCP 135 | Active Directory |
| | UDP 138, UDP 137, TCP 139 | Computer Browsing |
| | UDP 53, TCP 53 | DNS |
| | TCP 135 | FRS/DFSR |
| | UDP 138, UDP 137, TCP 445 | Net Logon |
| | TCP 139 | Performance Logs and Alerts |
| | TCP 139, TCP 445 | Printing |
| | TCP 139 | Registry |
| | UDP 138, UDP 137, TCP 139, TCP 445 | Server Manager |
| | TCP 4133 - if default has not changed | SQL Server |
| | 9601, 9602 | Communication with Diagnostic Services |
| Diagnostic Services including Default Collector | TCP 25, UDP 25 | SMTP |
| | UDP 138, UDP 137, TCP 139 | Computer Browsing |
| | UDP 53, TCP 53 | DNS |
| | UDP 138, UDP 137, TCP 139, TCP 445 | Net Logon |
| | TCP 4133 - if default has not changed | SQL Server |
| | 9601, 9602 | Communication with Front End |

Table 9. Port Numbers per Component (continued)

| Component name | Port numbers | Service name |
|---|---|---|
| Distributed Collector Services | 9602, 9605 (NOTE: 9605 is configurable.) | Communication with Diagnostic Services |
| Diagnostic Tests | TCP 3269, TCP 3268, TCP 389, UDP 389, TCP 135 | Active Directory |
| | UDP 138, UDP 137, TCP 139 | Computer Browsing |
| | UDP 53, TCP 53 | DNS |
| | TCP 135 | FRS/DFSR |
| | UDP 138, UDP 137, TCP 139, TCP 445 | Net Logon |
| | UDP 138, UDP 137, TCP 139, TCP 445 | Server Manager |
| | TCP 139 | Performance Logs and Alerts |
| | TCP 135 | RPC |
| | TCP 4133 - if default was not changed | SQL Server |
| | UDP 138, TCP 139, TCP 389, UDP 389, TCP 445, TCP 135 | DFS |
| | TCP 135 | Event Log |

Database Maintenance

Database maintenance occurs daily and is scheduled by default to purge test result data every 30 days. You can change the default.

To change the default

1. Open Spotlight on Active Directory Topology Viewer.
2. Select Edit > Options > Database.

3. Enter a value in the Database retention box to reflect how often you would like to schedule database maintenance. Best Practices for Spotlight on Active Directory Diagnostic Console Spotlight on Active Directory Diagnostic Console is a powerful diagnostic and resolution tool. Its unique user interface provides a real-time representation of the dataflow in your forests, allowing you to detect, diagnose, and resolve Active Directory problems. Calibration does not apply to Spotlight on Active Directory. The Spotlight on Active Directory Diagnostic Console is designed to diagnose and resolve specific problems quickly. Once a problem is resolved, the Diagnostic Console should be closed to avoid excessive use of system resources. If you must run the Spotlight on Active Directory Diagnostic Console for an extended period of time, you should: set the number of server connections to a minimum decrease the polling frequency put the history setting low set the refresh rate high to avoid excessive memory consumption To set the history option and refresh rate 1 Open the Spotlight on Active Directory Diagnostic Console, and connect to the domain controller whose history option you would like to set. 2 Select View Options Spotlight Console. 3 Click Data Collection in the Options bar. 4 Enter the appropriate history collection time and refresh rates. Best Practices for Spotlight on Active Directory Web Reports You should perform the following best practices when installing and running Spotlight on Active Directory Web Reports: For distributed Spotlight on Active Directory Web Reports installation, use SQL Server Authentication. In some instances, authentication errors may occur if Kerberos is not configured properly. The most common error is an access error as follows: "Unable to open database connection. (0x80040E4D: Unknown Error.) 
To resolve this issue, see Microsoft Knowledge Base article 326985, titled "How To: Troubleshoot Kerberos": http://support.microsoft.com/kb/326985

Frequently Asked Questions and Troubleshooting

How do I launch Native Tools from the Assistant Pane?

To launch Native Tools from the Assistant Pane on Windows 2003 (32 bit)

- Install the Windows Server 2003 Administration Tools Pack (adminpak.msi) so the Native Tools will work. Otherwise, you will get an error that the files for the tools cannot be found.

NOTE: The Windows Server 2003 Administration Tools Pack (adminpak.msi) is not available on 64 bit versions of Windows. To administer these servers, use Remote Desktop or the Windows Management Instrumentation Command-line (WMIC).

To launch Native Tools from the Assistant Pane on Windows Server 2008 and higher

- Install the appropriate snap-in from the Server Manager.

How often should I run analysis tests?

Test Group execution frequency is best determined by looking at the test you wish to run and the number of DCs you are monitoring. For example, you can break the Server Health test up into 3 parts:

- Availability (Network Availability and Critical Services) is the highest priority and requires the least amount of time to verify.
- Resources (Directory Responsiveness and Disk Space Usage) have more overhead and should be executed less frequently.
- Error Monitoring (Performance Counters and Event Logs\Lingering Objects) has the most overhead and the data does not change frequently (or, in the case of Performance counters, is averaged over the course of the day).

If you want to increase the frequency of the tests being run, break test groups up into smaller groupings. Avoid running a single Server Health test against 120 Domain Controllers. Instead, run a Server Health test against six groups of 20 Domain Controllers.

See pages 10, 12, and 14 of this guide for more information.

Do tests still run even when I am logged off?
Analysis tests are executed using the Distributed Collector service, as long as the Diagnostic Services host computer is running and the Diagnostic services (running the tests) are executing according to their schedule. For information on what the Diagnostic Services include, see Installation Components of the Spotlight on Active Directory Quick Start Guide.

Does Spotlight on Active Directory require an agent to gather the information?

Spotlight on Active Directory does not require an agent on a domain controller (DC). All information is gathered using RPC calls and Admin shares.

How do I migrate the database from one SQL Server to another SQL Server?

Refer to the MS Knowledge Base articles regarding the Backup, detach, and move, then perform the following procedure on the Spotlight on Active Directory console.

To migrate the Spotlight on Active Directory database from one SQL Server to another SQL Server

1. Stop the following services: DataManagerSLAD & DiagnosticTestEngineSLAD & Distributed Collector.
2. Open the registry key HKEY_LOCAL_MACHINE\Software\Quest Software\Spotlight on Active Directory\DbServerName, and change the value of the entry DatabaseServerName to the server name of the new SQL Server.
3. Change the "ImagePath" string for the two Spotlight on Active Directory services to point to the new DB host machine, by making the following registry changes:
   - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DataManagerSLAD
     String Value: ImagePath has the database connection string that needs to be changed. Change the "Data Source" in the connection string.
   - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiagnosticTestEngineSLAD
     String Value: ImagePath has the database connection string that needs to be changed. Change the "Data Source" in the connection string.
4. Add the same DB connection string for the Scheduled tasks Directory Objects Collector, SLAD - Purge Counter Values, and Refresh SLAD Discovery by right-clicking the task and selecting Properties. The tasks need to be updated on the Diagnostic Services host and all Console hosts (not all tasks may be present on the Console only installs).
5. Restart the following services in this order:
   1. DataManagerSLAD
   2. DiagnosticTestEngineSLAD
   3. Distributed Collector

For Web Reports

1. Change the following file so it points to the new SQL Server/db and uses new credentials if required: C:\Program Files\Dell\Spotlight On Active Directory\WebReports.UDL
2. Change the following reg key to point to the new SQL Server host name: HKLM\Software\Dell\SpotlightOnAD\ClientDB.
3. Start the DataManagerSLAD & DiagnosticTestEngineSLAD & Distributed Collector services.

How do I move Spotlight on Active Directory from one server to another? Can I keep my settings?

The Spotlight on Active Directory database contains all of the configuration data for your Spotlight on Active Directory. If you move your database, the configurations are moved along with it. The procedure to move from one server to another depends on where your database is installed.

If your components (including the database) are on one host computer

1. Back up your database.
2. Restore the database on the new host computer.
3. Uninstall Spotlight on Active Directory from the old host computer.

4. Install Spotlight on Active Directory on the new host computer.

If the database resides on a separate computer

1. Uninstall Spotlight on Active Directory from the old host computer.
2. Install Spotlight on Active Directory on the new host computer.

You can redirect the Spotlight on Active Directory Topology Viewer to a new location the next time you launch it.

Why do some Web Reports show no data?

Web Reports will not show data until the analysis test (that provides the data) is run. The individual web reports inform you which test you need to execute to obtain data.

How do I perform a distributed installation?

For more information, see on page 14. to perform a distributed installation.

How do I execute tests, using the Collector Management Console, if I have an invalid port?

The Collector Management Console requires Microsoft Management Console (MMC) 3.0 to run. MMC 3.0 can be installed on Windows 2003 platforms only. The MMC is installed by default on later versions of operating systems.

If you change a Distributed Collector to listen on an invalid port, such as port 80, the Collector will no longer be accessible through the Collector Management Console and will not execute tests.

To execute tests

1. Go to C:\Program Files\Dell\Common Files\Distributed Collector.
2. Double-click CollectorConfiguration.exe. The Collector Configuration dialog box opens.
3. Enter 9605 in the Listening Port box.

How do I enable remote connections on SQL 2005 Express?

By default, remote connections are disabled for SQL 2005 Express. This needs to be enabled in order to install Diagnostic Services on a different machine than the Spotlight on Active Directory database.

To enable remote connections

1. Open SQL Server 2005 Surface Area Configuration tool.
2. Click Surface Area Configuration for Services and Connections.

NOTE: Click OK when you receive the following message: Changes to Connection Settings will not take effect until you restart the Database Engine service.
3. Expand Database Engine, click Remote Connections, click Local and Remote Connections, click the appropriate protocol to enable for your environment, and then click Apply.
4. Expand Database Engine, click Service, click Stop, wait until the MSSQLSERVER service stops, and then click Start to restart the MSSQLSERVER service.

For more information, see http://support.microsoft.com/kb/914277.
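The registry edits in steps 2 and 3 of "To migrate the Spotlight on Active Directory database from one SQL Server to another SQL Server" above can be scripted so that only the "Data Source" value changes and the rest of each ImagePath is left intact. The following PowerShell is an added example, not part of this guide or of the product; it assumes ImagePath carries the connection string in the form Data Source=<server>;..., and the names Set-DataSource and $NewSqlServer are hypothetical.

```powershell
# Added example (not vendor code). $NewSqlServer is supplied by the operator.
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param([Parameter(Mandatory)][string]$NewSqlServer)

$services = 'DataManagerSLAD', 'DiagnosticTestEngineSLAD'   # service keys from step 3
$dbKey    = 'HKLM:\Software\Quest Software\Spotlight on Active Directory\DbServerName'

function Set-DataSource([string]$Text, [string]$Server) {
    # Assumed format: "...Data Source=<host>;..." somewhere inside ImagePath.
    $pattern = '(Data Source\s*=\s*)[^;"]*'
    if ($Text -notmatch $pattern) { throw "No 'Data Source' keyword found; nothing changed." }
    # '$$' keeps a literal '$' in the server name from being read as a group reference.
    $Text -replace $pattern, ('${1}' + $Server.Replace('$', '$$'))
}

# Step 1 must already be done: refuse to edit while a service is still running.
$running = Get-Service -Name $services -ErrorAction Stop | Where-Object Status -ne 'Stopped'
if ($running) { throw "Stop these services first: $($running.Name -join ', ')" }

# Step 2: point DatabaseServerName at the new SQL Server.
if ($PSCmdlet.ShouldProcess($dbKey, "Set DatabaseServerName to $NewSqlServer")) {
    Set-ItemProperty -Path $dbKey -Name DatabaseServerName -Value $NewSqlServer
}

# Step 3: rewrite only the Data Source inside each service's ImagePath.
foreach ($name in $services) {
    $path = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $key  = Get-Item -Path $path -ErrorAction Stop
    # Read the raw value so %VARIABLES% in a REG_EXPAND_SZ are not expanded and written back.
    $raw  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $old  = $key.GetValue('ImagePath', $null, $raw)
    $new  = Set-DataSource -Text $old -Server $NewSqlServer
    if ($PSCmdlet.ShouldProcess($path, "Set Data Source to $NewSqlServer")) {
        # Keep the value's registry type. Neither $old nor $new is echoed,
        # because a connection string can carry credentials.
        Set-ItemProperty -Path $path -Name ImagePath -Value $new -Type $key.GetValueKind('ImagePath')
    }
}
```

Run it with -WhatIf first to see which keys would change, then update the scheduled tasks (step 4) and restart the services in the order given in step 5.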

What rights do I need to run this application?

You need Administrator rights to run Spotlight on Active Directory. Admin Share access is available to Administrators only.

The Time Period column of the Authentications Hourly Report is showing 00:00 as the time value. How do I fix this?

To fix this issue

1. Open the SQL Server Management Studio.
2. Connect to the Spotlight on Active Directory database (Slad) on the designated host name.
3. Open WRDefaultValues.sql.
4. Click Execute.

The Directory Replication Health Test sometimes does not populate the table in the test results. How do I fix this?

To fix this issue

- Launch Sites and Services through Microsoft Native Tools to ensure that your connection has not timed out and/or you have sufficient domain administrative permissions.
