Setting Up a Domain Controller and Database Server

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Before installing a root cluster or a licensing-only cluster, make sure that you have implemented appropriate domain and database support by using Active Directory and a database server, such as SQL Server 2000 with Service Pack 3 (SP3), Microsoft® SQL Server 2000 Desktop Engine (MSDE 2000) Release A, Microsoft SQL Server 2005, or Microsoft SQL Server 2005 Express Edition (EE). Although your production environment may already be running the required components, using a production environment for testing is not recommended.

The following procedures set up both a domain controller and a database server on a single computer in an isolated network for server-side testing purposes.

Note

In this example, the database server runs on the domain controller. In a production environment, it is generally not recommended that you host other components on a domain controller. Active Directory and the database server are installed on the same computer in this example to enable installation of the complete infrastructure on a minimum number of computers.

If you choose to use MSDE 2000 or SQL Server 2005 EE as your database server, you should be aware that it does not support any network interfaces and that the terms of use for these products specify that you cannot use SQL Server client tools to manipulate the database. With this restriction you will be unable to view logging information or change data that is stored in the configuration database. Therefore, we recommend that MSDE 2000 or SQL Server 2005 EE only be used to support RMS databases in test environments.

For each infrastructure component, the entries below give the steps to set up a domain controller and database server, together with notes for deployment in a production environment.

Operating system

On a computer that meets the RMS hardware requirements but that is not yet connected to a network, install Windows 2000 Server with SP3 or later or Windows Server 2003. Use the NTFS file system on the partition.

It is strongly recommended that you always install the latest service pack and updates. Use NTFS-formatted partitions.

Network connection

Make a connection to a network that provides Internet connectivity but that is isolated from the production environment.

The Internet connection should have an appropriate firewall.

IP address

Assign a static IP address to this computer.

Always use static IP addresses for servers.

Active Directory

Log on as a local administrator.

Click Start, click Run, type dcpromo in the Open box, and then click OK.

When the Active Directory Installation Wizard starts, go through the wizard to create a new domain in a new forest, and accept the default options, except for the following:

  • Specify the domain name, for example, specify contoso.com.

  • Let the wizard configure DNS on the computer.

  • Select Permissions compatible only with Windows 2000 servers if all domain controllers are running Windows 2000 or later.

  • Provide a strong password for the local administrator.

If new domains are required to implement RMS, set them up in Active Directory.

Always use strong passwords for all accounts.

Restart the computer when you are prompted to do so.

Verify the functional level by opening the Active Directory Users and Computers snap-in, right-clicking the domain name, clicking Properties, and then verifying the setting that is in the Domain operation mode box. If there are no domain controllers running versions of Microsoft Windows earlier than Windows 2000, click Change mode to have the domain operate in Native mode.

Note: In Windows Server 2003, the setting Domain operation mode is replaced with Domain functional level.

For optimum security and manageability, you should not use the Windows 2000 mixed functional level for RMS support.

User accounts

Create a domain user account to use as the RMS service account, such as ContosoRMS@contoso.com. Specify a strong password. Be sure that you specify an e-mail address for the user. If the e-mail address is not specified in Active Directory, the user will not be able to get licenses and certificates from RMS.

Note: The RMS service account cannot be the same domain account that was used to install RMS.

You should create a separate account in Active Directory to be used by the RMS service account. Include an e-mail address. Do not give the account any special permissions.

SQL Server 2000

Log on to the server on which you intend to install the database. If it is installed on the same server as the domain controller, you must log on as a domain administrator.

Follow the instructions provided with your database software to install the database server software.

Use server best practices to install the database server, such as:

  • Provide a name for the database system administrator account and an organization name, for example, Contoso.

  • Provide a strong system administrator password.

  • Use integrated Windows authentication.

You should use integrated Windows Authentication Mode. If you cannot run your database server in this mode, contact your domain administrator and database server administrator to determine what changes may be required in the RMS setup.

Verify that the database service is stopped.

Install any software updates for your database server. When you are prompted for a password, use the same password that you specified during installation.

Restart the computer. Verify that the database service is started.

Verify that all user accounts that will be using RMS have valid e-mail address attributes in Active Directory.

Ensure that the domain user who will be administering RMS (and provisioning the root and licensing-only clusters) has the required database server permissions. If you are using SQL Server as your database server, you can add a login identifier for the user by using the SQL Server Enterprise Manager snap-in. In the snap-in, expand the server and the server group, and then expand the Security item. Click the Logins item, add a new login for the user’s domain account, click the Server Roles tab, and then select the Server Administrators check box.

Important: All users and groups who use RMS to acquire licenses and publish content must have an e-mail address configured on their account in the Active Directory Users and Groups MMC snap-in, on the General tab of the user Properties.

Internet connection (optional)

Verify that your browser and server (including any required proxy server configurations), TCP/IP, and LMHOSTS/HOSTS are configured correctly to access the Internet.

In a Web browser, verify Internet access.

Software updates

Download and install the latest updates for the software installed on this computer (including the latest security updates from Windows Update).

Always download and install the latest service updates.

After you follow all of the previous steps, you are ready to do the initial setup (including installing prerequisite software) on the computers that will run RMS.
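The two directory checks called for above (the domain is not running in Windows 2000 mixed mode, and accounts that will use RMS have an e-mail address) can be audited over LDAP. The following PowerShell is an added example, not part of the original procedure; the function name Get-RmsDirectoryReadiness is hypothetical, and it assumes it is run on a domain-joined computer by an account that can read the directory.

```powershell
# Added example (not from the original page): audit RMS directory prerequisites.
# Assumption: domain-joined computer, caller can read the directory over LDAP.
# Uses only System.DirectoryServices, so no Active Directory module is needed.

function Get-RmsDirectoryReadiness {
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $domainDn = [string]$rootDse.defaultNamingContext
    $domain   = [ADSI]"LDAP://$domainDn"

    # ntMixedDomain on the domain object: 1 = mixed mode, 0 = native mode.
    $mixed = [int]$domain.psbase.Properties['ntMixedDomain'].Value

    # Enabled user accounts that have no mail attribute at all.
    # The bitwise-AND matching rule excludes accounts with the disabled flag (2).
    $filter = '(&(objectCategory=person)(objectClass=user)' +
              '(!(userAccountControl:1.2.840.113556.1.4.803:=2))' +
              '(!(mail=*)))'

    $searcher = New-Object System.DirectoryServices.DirectorySearcher($domain, $filter)
    $searcher.PageSize = 500                      # page results in large domains
    [void]$searcher.PropertiesToLoad.Add('sAMAccountName')

    $results = $searcher.FindAll()
    try {
        # Result property names are returned in lower case.
        $missing = @($results | ForEach-Object { $_.Properties['samaccountname'][0] })
    }
    finally {
        $results.Dispose()                        # release the unmanaged search handle
    }

    New-Object PSObject -Property @{
        Domain           = $domainDn
        NativeMode       = ($mixed -eq 0)
        UsersWithoutMail = $missing
    }
}

$report = Get-RmsDirectoryReadiness
if (-not $report.NativeMode) {
    Write-Warning "$($report.Domain) is in mixed mode; change it to Native mode for RMS."
}
if ($report.UsersWithoutMail.Count -gt 0) {
    Write-Warning "Enabled accounts without an e-mail address:"
    $report.UsersWithoutMail | Sort-Object
}
```

Built-in accounts that will never use RMS also appear in the list and can be ignored; groups that use RMS need the same e-mail check, which this example does not cover.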