Installing active directory on windows server 2008 – HP Integrated Lights-Out User Manual
Page 148
Directory services 148
iLO 2 requires a secure connection to communicate with the directory service. This requires the installation
of the Microsoft® CA. Refer to the Microsoft® technical reference Knowledge Base Article 321051: How
to Enable LDAP over SSL with a Third-Party Certification Authority.
Installing Active Directory on Windows Server 2008
For the Default Schema:
1.
Disable IPV6, and install Active Directory, DNS, and root CA to Windows Server® 2008.
2.
Log in to iLO, and access the Directory Settings page. Click Administration>Security>Directory.
3.
In Directory Settings, enter the settings for your directory.
4.
In Directory User Context, enter the settings for you directory.
5.
Create the Administer Groups for your iLO users.
6.
Click Administration>Network>DHCP/DNS and in Domain Name, and Primary DNS server, modify
the settings for your environment.
For the Extended Schema:
1.
Disable IPV6, and install Active Directory, DNS, and root CA to Windows Server® 2008.
2.
The iLO LDAP Component requires .Net Framework 1.1_4322. Install .Net Framework.
3.
Install the latest iLO LDAP Component (sp31581 or later.)
4.
Extend the schema using the HP Management Devices Schema Extender.
5.
Install the HP the LDAP component snap-in.
6.
Create the HP Device, and HP Role.
7.
Log in to iLO, and access the Directory Settings page. Click Administration>Security>Directory.
8.
Enter the Directory Settings for your directory.
9.
Enter the Directory User Context.
10.
Click Administration>Network>DHCP/DNS and in Domain Name, and Primary DNS server modify,
the settings for your environment.
The LDAP component does not work with a Windows Server® 2008 core installation.
Directory services preparation for Active Directory
To set up directory services for use with iLO 2 management processors:
1.
Install Active Directory. For more information, refer to Installing Active Directory in the Microsoft®
Windows® 2000 Server Resource Kit.
2.
Install the Microsoft® Admin Pack (the ADMINPAK.MSI file, which is located in the i386
subdirectory of the Windows® 2000 Server or Advance Server CD). For more information, refer to
the Microsoft® Knowledge Base Article 216999.
3.
In Windows® 2000, the safety interlock that prevents accidental writes to the schema must be
temporarily disabled. The schema extender utility can do this if the remote registry service is running
and the user has sufficient rights. This can also be done by setting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesParameters\Schema
Update Allowed in the registry to a non-zero value (refer to the "Order of Processing When
Extending the Schema" section of Installation of Schema Extensions in the Windows® 2000 Server
Resource Kit) or by the following steps. This step is not necessary if you are using Windows® Server
2003.