HP Remote Insight Lights-Out Edition II Board User Manual

Directory services 84

•

Extending the Schema in the Microsoft® Windows® 2000 Server Resource Kit, available at
http://msdn.microsoft.com

•

Installing Active Directory in the Microsoft® Windows® 2000 Server Resource Kit

•

Microsoft® Knowledge Base Articles

•

216999 Installing the remote server administration tools in Windows® 2000

•

314978 Using the Adminpak.msi to install a server administration tool in Windows® 2000

•

247078 Enabling SSL communication over LDAP for Windows® 2000 domain controllers

•

321051 Enabling LDAP over SSL with a third-party certificate authority

Directory services preparation for Active Directory

To set up directory services for use with RILOE II management processors:

1.

Install Active Directory. For more information, refer to Installing Active Directory in the Microsoft®
Windows® 2000 Server Resource Kit.

2.

Install the Microsoft® Admin Pack (the ADMINPAK.MSI file, which is located in the i386
subdirectory of the Windows® 2000 Server or Advance Server CD). For more information, refer to
the Microsoft® Knowledge Base Article 216999.

3.

In Windows® 2000, the safety interlock that prevents accidental writes to the schema must be
temporarily disabled. The schema extender utility can do this if the remote registry service is running
and the user has sufficient rights. This can also be done by setting

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesParameters\Schema

Update Allowed

in the registry to a non-zero value (refer to the "Order of Processing When

Extending the Schema" section of Installation of Schema Extensions in the Windows® 2000 Server
Resource Kit) or by the following steps. This step is not necessary if you are using Windows® Server
2003.

IMPORTANT: Incorrectly editing the registry can severely damage your system. HP recommends creating a

back up of any valued data on the computer before making changes to the registry.

a.

Start MMC.

b.

Install the Active Directory Schema snap-in in MMC.

c.

Right-click Active Directory Schema and select Operations Master.

d.

Select The Schema may be modified on this Domain Controller.

e.

Click OK.

The Active Directory Schema folder might need to be expanded for the checkbox to be available.

4.

Create a certificate or install Certificate Services. This step is necessary to create a certificate or
install Certificate Services because RILOE II communicates with Active Directory using SSL. Active
Directory must be installed before installing Certificate Services.

5.

To specify that a certificate be issued to the server running active directory:

a.

Launch Microsoft® Management Console on the server and add the default domain policy snap-
in (Group Policy, then browse to Default domain policy object).

b.

Click Computer Configuration>Windows Settings>Security Settings>Public Key
Policies.

c.

Right-click Automatic Certificate Requests Settings, and select new>automatic
certificate request.

d.

Using the wizard, select the domain controller template, and the certificate authority you want to
use.