Functional Level of Domain Controller and Active Directory
NET Framework version 4.0 on the target domain controller and any other domain controllers in the forest. You can download the appropriate .NET framework from the Microsoft Download Center.
You do not have to open any inbound ports from the internet to your domain controllers.
Enable the following ports on the Directory Sync server:
Communications between Directory Sync and Rackspace is secured through HTTPS.
Communications between the Active Directory password hook and Directory Sync is secured with Microsoft WCF Transport Security which uses Windows Authentication and encryption.
The installation files can be found while logged into either cp.rackspace.com or into the my.rackspace.com; depending on how you normally log in.
Admins that log into my.rackspace.com (Must be logged in as primary contact)
Admins that log into cp.rackspace.com (Must have Super Admin permission)
Choose the appropriate installer, based on either 32 or 64 bit platforms.
See the Rackspace Directory Sync Administrator's Guide to learn more about the features and how to use it after installation.
Copy the appropriate, platform specific, Directory Sync Service .msi file to the domain controller.
There are two services that are installed with the Directory Sync System, the Directory Sync Service and the Password Hook. The Directory Sync Service is a Windows service which automatically synchronizes user information and requires a local service account under which to run. The Password Sync Service is a password handler which automatically synchronizes user password changes.
NOTE: The Directory Sync Service will run as the “Local System account” on the domain controller.
Follow the prompts for installing Directory Sync Service.
1. Click Next to begin the Directory Sync Service Setup Wizard.
2. Click Install.
3. You will have to restart your system for the changes to take effect. Click Yes if you wish to restart now.
4. Upon restart, install will continue. Click Install
5. Click Finish to complete the install process.
6. The web user interface for validation and synchronization will automatically launch when installation completes. A shortcut to the web UI will be created on both the Start Menu and on the Desktop.
If the following error appears in your web browser:
"The current identity (NT AUTHORITY\SYSTEM) does not have write access to 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files'."
This message may appear among other confusing "unhandled exception" information in your web browser after installing Directory Sync. The most likely problem is the "Temporary ASP.NET Files" folder does not exist. Create the folder 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files' and refresh the browser.
To start synchronizing active directory changes with Rackspace, the Directory Sync Service must be configured. Open the Directory Sync Service administrative web application.
1. Sync Registration Page: Enter your Control Panel Admin ID and Password associated with your Rackspace Email & Apps account and click Register.
2. Local AD Domain: Verify that the appropriate local active directory domain is selected.
3. Hosted Exchange: Select the appropriate Security Group to be synced with Microsoft Exchange mailboxes.
4. Hosted Email: Select the appropriate Security Group to be synced with Rackspace Email mailboxes.
5. Administrator email: All alerts will be sent to this email address.
6. Time to Send Summary Email: Set the time a summary report of changes synced with your active directory will be sent to the Administrator email address. By default, this will be set to 08:00.
7. Click Save & Start Sync to begin a Full Sync.
There are two types of synchronization:
NOTE: No changes are EVER made by the Directory Sync Service to the directory; all access is read-only.
During the Installation, the Directory Sync Password Handler Install folder is created on the desktop. This installer allows you to synchronize your users' passwords across multiple domain controllers.
The .msi file within the folder should be installed on the secondary domain controllers only.
This process applies to multiple domain controllers; it can be more than two. Repeat these steps for each additional domain controller in the AD forest. Below are the steps needed to complete the install of all other domain controllers in the AD forest.
ALERT: YOU MUST RESTART EACH DOMAIN CONTROLLER TO COMPLETE THIS PROCESS. PLEASE PERFORM THIS ACTION DURING OFF HOURS.
1. Copy the msi file to the new domain controller.
2. Double click the install file. A window will appear click the next and install button to start.
3. After a minute to 3 minutes it will complete and ask you to restart your DC.
4. After restart the installer will start up to finish the installation.
5. Click the final Install button and finish and it will finish installing the Password Handler.
At this time you have successfully installed the Password Handler of Directory Sync
Please ensure that you install this on the secondary DC of your Domain not the Primary.
This application will run in the background there will be no Settings screen as this looks to the primary program installed on the first DC.
Now that the installation is complete, check out the Rackspace Directory Sync Administrator's Guide to learn how to use it and its features.
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License