Preparing Directory Services For Active Directory - HP ntegrity iLO 2 MP Operation Manual

IMPORTANT:
administrator must extend the schema.
• Extending the schema in the Microsoft Windows 2000 Server Resource Kit, available at:
http://www.microsoft.com
• Installing Active Directory in the Microsoft Windows 2000 Server Resource Kit, available
at:
http://www.microsoft.com
• Microsoft Knowledge Base articles:
— 216999 "How to Install the Remote Server Administration Tools in Windows"
— 314978 "How to Use Adminpak.msi to Install a Specific Server Administration Tool in
Windows 2000"
— 247078 "How to Enable SSL Communication over LDAP for Windows 2000 Domain
Controllers"
— 321051 "How to Enable LDAP over SSL with a Third-Party Certification Authority"
— 299687 MS01-036 "Function Exposed by Using LDAP over SSL Could Enable Passwords
to Be Changed"
The iLO 2 MP requires a secure connection to communicate with the directory service. This secure
connection requires the installation of the Microsoft CA. For more information, see the following
Microsoft technical references:
• Securing Windows 2000, Appendix D, Configuring Digital Certificates on Domain Controllers
for Secure LDAP and SMTP Replication at:
• Microsoft Knowledge Base Article 321051 "How to Enable LDAP over SSL with a Third-Party
Certification Authority"

Preparing Directory Services for Active Directory

To set up directory services for use with the iLO 2 MP, follow these steps:
1. Install Active Directory. For more information, see the resource kit, Installing Active Directory
in the Microsoft Windows 2000 Server.
2. Install the Microsoft Admin Pack (the ADMINPAK.MSI file, which is located in the i386
subdirectory of the Windows 2000 Server or Advanced Server CD). For more information,
see the Microsoft Knowledge Base Article 216999.
3. In Windows 2000, the safety interlock that prevents accidental writes to the schema must
be temporarily disabled. The schema extender utility can do this if the remote registry service
is running and you have appropriate rights. You can also do this by setting
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services NTDS Parameters Schema
Update Allowed in the registry to a nonzero value (see the "Order of Processing When
Extending the Schema" section of the Installation of Schema Extensions in the Windows
2000 Server Resource Kit), or by doing the following:
CAUTION:
recommends creating a backup of any valued data on the computer before making changes
to the registry.
NOTE:
a. Start the MMC.
b. In MMC, install the Active Directory schema snap-in.
c. Right-click Active Directory Schema and select Operations Master.
d. Select The Schema may be modified on this Domain Controller.
e. Click OK.
To install directory services for the iLO 2 MP, an Active Directory schema
Incorrectly editing the registry can severely damage your system. HP
This step is not necessary if you are using Windows Server 2003.
http://www.microsoft.com
Directory Services for Active Directory 153