
Coexistence between Exchange forests (without trusts…) -- Part 5: Preparing the GALSync Server

Installing the MIM server Prerequisites

Note: The Exchange 2007 management tools must be installed on the MIM server for it to provision users correctly.

Note: For the GALSync process to reach the Exchange 2010 environment, the server(s) that will be used to create objects must be added to the WinRM TrustedHosts list on the MIM server, because there is no two-way trust between the forests.

Installing prerequisites

Import-Module ServerManager

Install-WindowsFeature Net-Framework-Features,RSAT-AD-PowerShell,Application-Server,Windows-Identity-Foundation,Server-Media-Foundation,Xps-Viewer -IncludeAllSubFeature -Restart -Source d:\sources\SxS

WinRM Trusted hosts

Add the remote-domain machine we will connect to (Exchange PowerShell) for provisioning to the TrustedHosts list:

Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value 'Exchange 2010 servername' -Concatenate

To test whether the server can access the Exchange 2010 environment, use the following commands:

$rs = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://EX2010FQDN/PowerShell -Authentication Kerberos -Credential (Get-Credential)

Invoke-Command $rs { Get-Recipient -ResultSize 1 }
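The TrustedHosts change and the connection test above, combined into one script. This is an added example and not code from the original post; it adds the entry only when it is not already present (avoiding duplicate entries from repeated -Concatenate runs), opens the Exchange session, runs the test command, and always tears the session down. The server FQDN is an assumed placeholder; the credential is prompted for.

```powershell
# Added example (not from the original post): add the Exchange 2010 server to the
# local WinRM TrustedHosts list only if it is not already covered, then verify that
# an Exchange remoting session can be opened. The FQDN below is an assumed
# placeholder; replace it with your Exchange 2010 server.
param(
    [string]$ExchangeServerFqdn = 'ex2010.contoso.local',   # assumed placeholder
    [PSCredential]$Credential   = (Get-Credential)
)

function Add-TrustedHostIfMissing {
    param([string]$HostName)
    $current = (Get-Item -Path WSMan:\localhost\Client\TrustedHosts).Value
    $entries = @()
    if ($current) { $entries = $current -split ',' | ForEach-Object { $_.Trim() } }
    if ($entries -contains $HostName -or $entries -contains '*') {
        Write-Verbose "TrustedHosts already covers $HostName"
        return
    }
    # -Concatenate appends to the existing list instead of overwriting it;
    # -Force suppresses the confirmation prompt of the WSMan provider.
    Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $HostName -Concatenate -Force
}

function Test-ExchangeRemoting {
    param([string]$Fqdn, [PSCredential]$Cred)
    $session = $null
    try {
        $session = New-PSSession -ConfigurationName Microsoft.Exchange `
            -ConnectionUri "http://$Fqdn/PowerShell" -Authentication Kerberos `
            -Credential $Cred -ErrorAction Stop
        $recipient = Invoke-Command -Session $session -ScriptBlock { Get-Recipient -ResultSize 1 } -ErrorAction Stop
        return ($null -ne $recipient)
    } catch {
        Write-Warning "Exchange remoting to $Fqdn failed: $($_.Exception.Message)"
        return $false
    } finally {
        # Never leave the remote session open on failure.
        if ($session) { Remove-PSSession $session }
    }
}

Add-TrustedHostIfMissing -HostName $ExchangeServerFqdn
if (Test-ExchangeRemoting -Fqdn $ExchangeServerFqdn -Cred $Credential) {
    'Exchange 2010 remoting OK'
} else {
    'Exchange 2010 remoting FAILED'
}
```

Keep the TrustedHosts list to the specific host names that need it rather than a wildcard: for non-Kerberos connections an entry there is what tells WinRM to skip verifying the remote server's identity, so every name on the list is a server you are choosing to trust blindly.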

Prepare Active Directory for GALSync

Note: Change the password in the variable $sp below to match your password policy for service accounts.

Import-Module ActiveDirectory

$sp = ConvertTo-SecureString "Pass@word1" -AsPlainText -Force

New-ADUser -SamAccountName MIMMA -Name MIMMA

Set-ADAccountPassword -Identity MIMMA -NewPassword $sp

Set-ADUser -Identity MIMMA -Enabled 1 -PasswordNeverExpires 1

New-ADUser -SamAccountName MIMSync -Name MIMSync

Set-ADAccountPassword -Identity MIMSync -NewPassword $sp

Set-ADUser -Identity MIMSync -Enabled 1 -PasswordNeverExpires 1

New-ADUser -SamAccountName SqlServer -Name SqlServer

Set-ADAccountPassword -Identity SqlServer -NewPassword $sp

Set-ADUser -Identity SqlServer -Enabled 1 -PasswordNeverExpires 1

New-ADUser -SamAccountName BackupAdmin -Name BackupAdmin

Set-ADAccountPassword -Identity BackupAdmin -NewPassword $sp

Set-ADUser -Identity BackupAdmin -Enabled 1 -PasswordNeverExpires 1

New-ADGroup -Name MIMSyncAdmins -GroupCategory Security -GroupScope Global -SamAccountName MIMSyncAdmins

New-ADGroup -Name MIMSyncOperators -GroupCategory Security -GroupScope Global -SamAccountName MIMSyncOperators

Note: Replace the values in the setspn command below (the SPN host name and the domain prefix of the MIMSync account) with the appropriate values for your domain.

setspn -S FIMSync/..local \MIMSync

New-ADGroup -Name MIMSyncJoiners -GroupCategory Security -GroupScope Global -SamAccountName MIMSyncJoiners

New-ADGroup -Name MIMSyncBrowse -GroupCategory Security -GroupScope Global -SamAccountName MIMSyncBrowse

New-ADGroup -Name MIMSyncPasswordReset -GroupCategory Security -GroupScope Global -SamAccountName MIMSyncPasswordReset

Add-ADGroupMember -Identity MIMSyncAdmins -Members Administrator
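The same account and group preparation as an added example (not code from the original post), written so that no password is hard-coded in the script and each service account gets its own password: the password is read into a SecureString at run time, the accounts are created idempotently, and the result is verified. The account and group names are the post's; the target OU and the minimum length are assumptions.

```powershell
# Added example (not from the original post): create the MIM/SQL service accounts
# and groups from a list, prompting for a separate password per account instead of
# sharing one plain-text password in the script. Names match the post; the OU and
# the minimum password length are assumptions.
Import-Module ActiveDirectory

$ServiceAccounts = 'MIMMA', 'MIMSync', 'SqlServer', 'BackupAdmin'
$Groups = 'MIMSyncAdmins', 'MIMSyncOperators', 'MIMSyncJoiners', 'MIMSyncBrowse', 'MIMSyncPasswordReset'
$TargetOu  = 'OU=ServiceAccounts,DC=corp,DC=local'   # assumed placeholder
$MinLength = 15                                      # assumed policy value

function Read-ServicePassword {
    param([string]$Account)
    while ($true) {
        $secure = Read-Host -Prompt "Password for $Account" -AsSecureString
        # Only the length is checked; the value itself never leaves the SecureString.
        if ($secure.Length -ge $MinLength) { return $secure }
        Write-Warning "Password for $Account must be at least $MinLength characters."
    }
}

function New-ServiceAccount {
    param([string]$Name, [securestring]$Password)
    if (Get-ADUser -Filter "SamAccountName -eq '$Name'") {
        Write-Warning "$Name already exists; skipping creation."
        return
    }
    # Password, enabled state and PasswordNeverExpires are set in one call, so the
    # account is never left enabled without its intended password.
    New-ADUser -Name $Name -SamAccountName $Name -Path $TargetOu -AccountPassword $Password `
        -Enabled $true -PasswordNeverExpires $true -CannotChangePassword $true
}

foreach ($acct in $ServiceAccounts) {
    New-ServiceAccount -Name $acct -Password (Read-ServicePassword -Account $acct)
}

foreach ($grp in $Groups) {
    if (-not (Get-ADGroup -Filter "SamAccountName -eq '$grp'")) {
        New-ADGroup -Name $grp -SamAccountName $grp -GroupCategory Security -GroupScope Global -Path $TargetOu
    }
}
Add-ADGroupMember -Identity MIMSyncAdmins -Members Administrator

# Verify: every service account should exist, be enabled and have PasswordNeverExpires set.
foreach ($acct in $ServiceAccounts) {
    Get-ADUser -Identity $acct -Properties PasswordNeverExpires |
        Select-Object SamAccountName, Enabled, PasswordNeverExpires
}
```

Run the script in an elevated PowerShell session with the ActiveDirectory module available; re-running it is safe because existing accounts and groups are skipped rather than recreated.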

 

Configure the server security policy

Note: This is necessary to allow the service accounts created above to run as services.

1. Launch the Local Security Policy program.

2. Navigate to Local Policies, User Rights Assignment.

3. On the details pane, right click on Log on as a service, and select Properties.

4. Click Add User or Group, and in User and group names, type corp\mimsync; corp\mimma; corp\SqlServer, click Check Names, and click OK.

5. Click OK to close the Log on as a service Properties window.

6. On the details pane, right click on Deny access to this computer from the network, and select Properties.

7. Click Add User or Group, and in the User and group names, type corp\MIMSync; corp\MIMService and click OK.

8. Click OK to close the Deny access to this computer from the network Properties window.

9. On the details pane, right click on Deny log on locally, and select Properties.

10. Click Add User or Group, and in the User and group names, type corp\MIMSync; corp\MIMService and click OK.

11. Click OK to close the Deny log on locally Properties window.

12. Close the Local Security Policy window.
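A check for the three user-rights assignments made in the steps above, as an added example that is not part of the original post: it exports the local policy with secedit, parses the [Privilege Rights] section, and confirms that each expected account (by SID) is listed under the corresponding right. The corp domain prefix and account names come from the steps; the temp file path is an assumption, and the script must run elevated on the MIM server.

```powershell
# Added example (not from the original post): verify the Local Security Policy
# user-rights assignments by exporting the local policy with secedit and checking
# each right for the expected account SIDs. Account names are those used in the
# steps above; the export path is an assumption.
$Expected = @{
    'SeServiceLogonRight'         = 'corp\MIMSync', 'corp\MIMMA', 'corp\SqlServer'  # Log on as a service
    'SeDenyNetworkLogonRight'     = 'corp\MIMSync', 'corp\MIMService'               # Deny access to this computer from the network
    'SeDenyInteractiveLogonRight' = 'corp\MIMSync', 'corp\MIMService'               # Deny log on locally
}

function Get-LocalUserRights {
    $cfg = Join-Path $env:TEMP 'secpol-export.inf'   # assumed scratch path
    & secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    $rights = @{}
    foreach ($line in Get-Content $cfg) {
        # Lines in [Privilege Rights] look like: SeServiceLogonRight = *S-1-5-80-0,*S-1-5-21-...
        if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
            $rights[$matches[1]] = $matches[2] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') }
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    return $rights
}

function Get-AccountSid {
    param([string]$Account)
    try {
        (New-Object System.Security.Principal.NTAccount($Account)).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        # Account does not exist yet or cannot be resolved from this machine.
        return $null
    }
}

$actual = Get-LocalUserRights
$allPresent = $true
foreach ($right in $Expected.Keys) {
    foreach ($acct in $Expected[$right]) {
        $sid = Get-AccountSid -Account $acct
        if (-not $sid) {
            $status = 'UNRESOLVED'
        } elseif ($actual[$right] -contains $sid -or $actual[$right] -contains $acct) {
            $status = 'OK'
        } else {
            $status = 'MISSING'
        }
        if ($status -ne 'OK') { $allPresent = $false }
        '{0,-28} {1,-18} {2}' -f $right, $acct, $status
    }
}
if (-not $allPresent) { Write-Warning 'One or more user-rights assignments are missing or unresolved.' }
```

An UNRESOLVED result for corp\MIMService is expected at this stage if that account has not been created yet; the two Deny rights only take effect for it once the account exists and the policy is applied.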

 

Install SQL server 2014 (if required)

Note: Change the domain value in the command below to match the NetBIOS name of your Active Directory domain.

.\setup.exe /Q /IACCEPTSQLSERVERLICENSETERMS /ACTION=install /FEATURES=SQL,SSMS /INSTANCENAME=MSSQLSERVER /SQLSVCACCOUNT="\SqlServer" /SQLSVCPASSWORD="Pass@word1" /AGTSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\Network Service" /SQLSYSADMINACCOUNTS="\Administrator"

Previous in this series: Coexistence between Exchange forests (without trusts…) -- Part 4: Preparing the US Exchange 2010 environment

Next in this series: Coexistence between Exchange forests (without trusts…) -- Part 6: Installing the MIM 2016 Synchronization Service (GALSync)

Posted on Monday, October 19, 2015 8:59 AM
