installation guide - imanamidl.imanami.com/pub/groupid 5.5.3772.0/installation_guide.pdfinstallation...

Installation Guide

Published By Imanami Corporation 2301 Armstrong St. Suite 211 Livermore, CA 94551, United States

Copyright 2010 by Imanami Corporation.

All rights reserved. No part of this document may be reproduced or transmitted in any form or by means without the written permission of Imanami Corporation. Imanami made every effort in the preparation of this document to ensure the accuracy of the information. However, the information contained in this document comes without warranty, either expressed or implied. Imanami is not liable for any damage, cost or alleged cost either directly or indirectly by this document.

Other product and company names mentioned herein may be the trademarks of their respective owners.

Prepared By Imanami Technical Communications Team

Document Information Document Version: 1.6.0 First Edition Release Date: November 06, 2009 This Release: May 21, 2010 Supported GroupID Version: 5.5

Feedback and Support For feedback on this document, please write to: [email protected] For complaints or technical support, please contact: [email protected]

mailto:[email protected]


Table of Contents

1. ........................................................................................................... vii Notational Conventions

2. ................................................................................................................................. 1 IntroductionGroupID .......................................................................................................................................................................... 1

3. ................................................................................................................ 3 System RequirementsHardware Requirements .............................................................................................................................................. 3 Software Requirements ................................................................................................................................................ 3 Configuration Requirements for Different IIS and Windows Platforms ............................................................ 4

4. ............................................................................................. 7 Installing and Removing GroupIDBefore you Install ........................................................................................................................................................... 7

Backing up your SmartDL groups .......................................................................................................................... 7 Groups Expiry Precaution ....................................................................................................................................... 7 Active Directory Only Environments ................................................................................................................... 8 Security Group Expiration ....................................................................................................................................... 9

Installing GroupID ......................................................................................................................................................... 9 Launching GroupID ................................................................................................................................................. 16

Post Installation Configuration ................................................................................................................................. 16 Changing the User Account for Imanami Exchange Server 2007 COM+ Service ..................................... 16 Creating an Administrator Account for Active Directory and Exchange ................................................... 17 Installing IIS ................................................................................................................................................................ 19 Installing GroupID Lotus Notes Web Service ................................................................................................... 20 Installing Group Usage Service ............................................................................................................................. 26

Removing GroupID ..................................................................................................................................................... 31

5. ....................................................................................................... 33 Upgrading to GroupID 5.5GroupID Upgrade Wizard ......................................................................................................................................... 33

6. .................................................................................................................................... 41 LicensingTypes of Licenses ......................................................................................................................................................... 41

Evaluation License .................................................................................................................................................... 41 Module License ........................................................................................................................................................ 41 Full License ................................................................................................................................................................ 41

Licensing GroupID ...................................................................................................................................................... 41 Upgrading from an Evaluation License to a Full License ..................................................................................... 42

7. ........................................................................................................................ 43 TroubleshootingInstalling and removing GroupID ............................................................................................................................. 43 Licensing Problems ...................................................................................................................................................... 44

8. ................................................................................................................................ 45 AppendicesAppendix A - Screenshots ......................................................................................................................................... 45 Appendix B- Creating the Global Configuration Group interactively .............................................................. 50

v

Installation Guide

vi

1. ............................................................................................................................................. 50 Using ADSIEdit2. ........................................................................................................... 50 Using GroupID Management Shell

Appendix C - Installing Windows PowerShell 1.0 on Windows Server 2008 ................................................ 51

Notational Conventions To help you locate and interpret information easily, this guide follows consistent structure and standard conventions in each topic. These conventions are explained below:

Notation Meaning

bold Name of user interface elements and commands. The word that requires emphasis is also presented as bold.

<italic> Placeholders that should be replaced with appropriate values.

Courier New Command syntax and examples.

Gill Sans MT Notes and tips.

vii

1

Introduction GroupID

GroupID is a suite of applications that provide Group and Identity Management solutions for your enterprise needs. Built upon the foundation of Imanami's best selling products WebDir, SmartDL, SmartR and DTM, GroupID takes the concept of automation and flexible management one step further. GroupID extends the capabilities and features of these products with the next generation of upgrades by integrating all the previous applications into a single unified user interface.

Synchronize

GroupID Synchronize enables you to transfer data in a flexible, convenient and secure manner between directories, databases or files. Manipulate data by applying simple transformations to join fields, to add or remove characters; or to perform complex conversions by writing your own script for transforming data before getting saved at the target destination. Create a script and run to preview the results before actually committing changes. Save and schedule your jobs to run unattended at a later time.

Self-Service

Reduce the overhead on your network administrators and empower your users to carryout common tasks, such as updating their own information within Active Directory. Assign responsibilities at various levels by authorizing specific users to manage Groups, Contacts or Users. Define Workflows to route User requests through assigned authorities for approval. Create groups with a limited life span, setting them to renew, expire and automatically be deleted from the source directory keeping your directory clean and preventing group glut .

Automate

GroupID Automate offers enhanced administration and automation features for Active Directory Groups. Use Automate to create and update Group memberships dynamically when changes occur within your organization. Share your administrative responsibilities with others by assigning multiple owners to groups while you are out of office. Create Private, Semi-Private, Semi-Public and Public Groups depending on the level of access you require.

Reporting

GroupID Reporting lets you analyze and monitor your Active Directory and Exchange Server activities and collect statistical information about critical objects, thus enabling you to have an up-to-date picture of GroupID progress.

System Requirements Hardware Requirements

Windows® XP, Windows® Vista, Windows® 7, Windows® Server 2003/2008

• Intel® Pentium® IV (2.4GHz or Higher)

• 4GB of RAM

• 100MB or more of hard drive space available for execution

Software Requirements

Windows

• Windows® XP, Windows® Vista, or Windows® 7

• Windows® Server 2003, Windows® Server 2008, or Windows® Server 2008 R2

Active Directory and Exchange

• Active Directory® 2003, or Active Directory® 2008

• Exchange Server 2003, Exchange Server 2007 SP2, or Exchange Server 2010

Miscellaneous Requirements (installed on the same computer as GroupID )

• Internet Information Server (For Self-Service module. Recommendation is to install this before .NET framework.)

• Microsoft® .NET Framework 3.5 with Service Pack 1

• Microsoft® Management Console 3.0 (MMC 3.0 is included in Microsoft Windows Server 2003 R2 and in Microsoft Windows Vista)

• Windows® PowerShell 1.0 (PowerShell 1.0 is included as a standard feature with Windows Server 2008, although it is not installed by default. See Appendix C for instructions on installing this.)

• Windows® PowerShell 2.0 (required for Exchange Server 2010) (This is by default installed with Windows Server 2008 R2)

• Windows® Remote Management (WinRM) 2.0 (for Exchange Server 2010)

• Microsoft® Exchange 2007 Management Tools

• Microsoft® Distributed Transaction Coordinator (This service should be, by default, installed on machines running Microsoft Windows 2000 and higher operating systems. The DTC is essential for configuring the Exchange Service Component and hence must be running on the computer where you plan to install GroupID.)

• Microsoft SQL Server 2005 Native Client (For Security Group Expiration feature)

3

Installation Guide

• Microsoft SQL Server 2005 Command Line Query Utility (For Security Group Expiration feature)

Configuration Requirements for Different IIS and Windows Platforms

Platform Requirement Should be

How to check Figure

• Launch Programs and Features.

ASP.NET Installed IIS 7.5 - Windows 7

• Click Turn Windows features on or off.

• On the Windows Features dialog, expand Internet Information Services.

• Launch the Internet Information Services (IIS) Manager from Administrative Tools.

Enabled IIS 7 - Windows Server 2008,

Windows Authentication

See Appendix A, Figure A-1

IIS 7.5 - Windows Server 2008 R2 • On the

Connections pane, click the server node.

• On the Features View, double-click Authentication.

• In the Authentication pane, see status for the Windows Authentication.

• Launch the Server Manager from Administrative Tools.

Installed Application Development


• Expand the Roles node and click Web Server (IIS).

• In the Summary section, see the Role Services list.

4

System Requirements

5

IIS 7 - Windows Vista

ASP.NET Installed • Launch Programs and Features.

• Click Turn Windows features on or off.

• On the Windows Features dialog, expand Internet Information Services.


IIS 6 - Windows Server 2003

ASP.NET 2.0 Installed, Allowed

• Launch the Internet Information Services (IIS) Manager from Administrative Tools.

• Expand the server node and then click Web Service Extensions.


Installing and Removing GroupID Before you Install

Backing up your SmartDL groups

Imanami recommends performing a backup of the SmartDL group information prior to installing GroupID for the first time. The following unsupported script is provided as a guide for performing this task.

Please contact Microsoft should you have any questions about ways for backing up or restoring your entire Group information in Active Directory.

From the domain controller, execute the following command:

ldifde -f c:\groupinfobeforeGroupID.ldf -r "(&(objectClass=group)(objectCategory=group)(|(extensionData=SD4=*)(&(!extensionData=*)(|(extensionAttribute13=*)(extensionAttribute14=*)))))" -p Subtree -l extensiondata,extensionAttribute13,extensionAttribute14

Restoring SmartDL group information

To restore the group information, use the above command and modify as per the following instructions:

1. Replace changetype: add with changetype: modify.

2. Add replace: extensiondata before the first extensiondata::.

3. In the end of each object record, type a hyphen (-) followed by a blank line. For example:

dn: CN=sSDL,OU=test,DC=w2k8-64,DC=com changetype: modify replace: extensiondata extensionData:: U0Q0PTE7MTslQU5ZU0VSVkVSJTtEQz13Mms4LTY0LERDPWNvbTs3OzsyOyo7Kjs7Ozs7OzsKCgoKCg o2MzM1OTMwOTgwNzMzODgzMzg7UUFYUDQ1OzE= - dn: CN=ssd,OU=test,DC=w2k8-64,DC=com changetype: modify replace: extensiondata extensionData:: U0Q0PTE7MTslQU5ZU0VSVkVSJTtHQz1kYy53Mms4LTY0LmNvbTs3OzsyOyo7Kjs7Ozs7OzsKCgoKCg o2MzM1OTMyMjQ1MDE3NjAxOTk7UUFYUDQ1OzE= -

4. Type and run the following command from the domain controller:

ldifde -i -f c:\groupinfobeforeGroupID.ldf

Groups Expiry Precaution

When you launch GroupID for the first time; it applies a default global expiration policy that is, Never Expire to all the existing groups in the Active Directory irrespective of whether they are created using GroupID or not. The expiration date set for these groups is calculated as:

7

Installation Guide

Expiration Date = GroupID Installation Date + Global Expiration Policy

The group expiration function is only executed when the Self-Service module is licensed to run. Expiring a group performs the following three actions on the group:

1. Mail-disables the group, if it is mail-enabled.

2. Adds the Expired_ prefix to the group name.

3. Moves the group in a separate node named Expired Groups.

The group expiration does not affect its membership. So, whenever the group is renewed, it is ready to be used with all its members present. Renewing a group performs the following actions on the group:

1. Mail-enables the group, if it is mail-disabled.

2. Removes the Expired_ prefix from the group name.

3. Moves the group from the Expired Groups node to the node where it was created.

4. Sets the expiration date of the group, calculated as: Expiration Date = Group Renewal Date + Group Last Expiration Policy

If you do not want certain groups to be affected by the global expiration policy, you can place those groups in certain containers and add those containers in the GLM exclusion list. If you want to prevent all groups from being affected by the global expiration policy, you can disable the Group Management Service. Refer to the GroupID Help and the GroupID User Manual for more details.

Active Directory Only Environments

Environments running Active Directory only, without Exchange, will require extending their schema for GroupID to work properly as GroupID makes use of various Exchange attributes for many of its features. GroupID uses the extensionData attribute to store configuration and query information for each group. This process does not require a complete Exchange deployment in your environment. The following instructions list the procedure for installing the Exchange schema extensions.

1. Launch the Windows Command Prompt.

2. Move to the directory containing Microsoft Exchange setup.

3. Type and then run the following command depending on the version of your Windows server:

• For Windows Server 2003

setup.com /prepareschema

• For Windows Server 2007

setup.com /schemaprep

The schema extensions require Windows Server 2007 domain functional level to be set to Windows 2000 native or Windows 2003 native.

8

Installing and Removing GroupID

Security Group Expiration

The default Group Lifecycle Management implementation in GroupID does not prevent the members of an expired security group from accessing the network resources that are assigned to that group. The Security Group Expiration component overcomes this limitation. This is an optional feature that installs by default in the typical and complete setup types. You will need to choose the custom setup type, if you do not want to install this feature.

Security Group Expiration depends on Microsoft SQL Server for its functioning. The supported versions are Microsoft SQL Server 2005 or higher. Other client tools for SQL Server, requiring installation on the GroupID machine, are given in the Software Requirements section.

This feature is disabled by default and will need to be enabled from within GroupID once you have it installed. If you have GroupID installed on more than one computer in your organization, Security Group Expiration will have to be enabled and configured on all computers running GroupID. Failing to do so will result in inconsistent behavior of security group memberships and may even disturb their settings in Active Directory.

Installing GroupID

The following instructions assume you have downloaded GroupID from the Imanami download site. Please send an e-mail to [email protected] or contact your Imanami sales representative if you need assistance with the download.

To install GroupID, please follow the instructions given below.

1. Run the GroupID Setup file to begin the installation. Setup will start extracting files required to install GroupID into a temporary location on your C drive (see figure below). Refer to Licensing section for more information about GroupID Licensing.

To run the setup file, you should be a member of the local Administrators group on the member server or client where GroupID is being installed.

9


Installation Guide

Figure - GroupID installer copying the setup files to a temporary location

2. The Welcome page of GroupID setup wizard will appear once the setup has extracted all the required files. Click Next to continue.

10


Figure - The Welcome page

3. On the License Agreement page, review and accept the Licensing Agreement by selecting I accept the terms in the License Agreement. Click Next.

11

Installation Guide

Figure - The License Agreement page

4. On the Customer Information page:

i. In the User Name box, type the name under which you want to install the program.

ii. In the Organization box, type the name of your organization.

iii. From the Install this application for section, select one of the following:

a. Anyone who uses this computer (all users), to install and make GroupID available for all users using this computer.

b. Only for me [User Name], to install and make GroupID available only for the current Windows logged on user (this is the user account you are logged on with).

iv. Click Next.

Figure - The Customer Information page

5. On the Choose Setup Type page, choose one of the installation types:

• Typical, to install the most common program features.

• Complete, to install the complete program features.

• Custom, to select features yourself and change the installation directory.

12


Figure - The Choose Setup Type page

6. Selecting Custom will present you with an additional page for selecting which features you want to install. Clicking the icon next to the feature will display the list of options from which you can select the action for it. Use the Browse button to change the installation directory. Below is the list of available features along with a brief description of each:

i. GroupID Management Console, a custom Microsoft Management Console with the GroupID snap-in added. Refer to GroupID Help for detailed information about the console.

ii. GroupID Lotus Notes Webservice, a service responsible of creating user ID files and mail files on the Lotus Notes server. See Installing GroupID Lotus Notes Web Service section for more information about the service.

iii. GroupID Management Shell, a command-line utility enabling you to perform group management tasks. Refer to the GroupID Management Shell Guide to learn about this utility.

iv. Security Group Expiration Plugin, a plug-in required for expiring and renewing security groups.

v. GroupID Self-Service, a Web interface allowing you to update and manage users and groups in Active Directory. Refer to GroupID Help for more information about the service.

vi. GroupID Usage Service, a service responsible for gathering group usage information from Exchange. See Installing Group Usage Service section to learn more.

13

Installation Guide

vii. GroupID Management Service, a service responsible for expiring and deleting groups and sending notifications for these actions. The detailed functionality of the service is covered in GroupID Help.

Figure - Custom Setup page

7. Click Next to proceed.

8. On the Ready to Install the Program page, click Install to begin the installation.

14


Figure - The Ready to Install the Program page

If you are connected to a domain running Exchange Server 2007 or higher, then during installation GroupID creates a user account, GroupIDSSPUser (under Users node), in the Active Directory that it uses to connect and communicate with the Exchange server. This account should not be deleted otherwise you will not be able to perform Exchange related tasks using GroupID.

9. The Install Wizard Completed page will appear when the installation has finished. On this page, click Finish to complete and close the installation window. If you want to launch GroupID just after the wizard ends, select the Launch GroupID check box before clicking Finish.

15

Installation Guide

Figure - The Install Wizard Completed page

Launching GroupID

You can launch GroupID from the Windows Programs menu by pointing to Imanami, GroupID 5.5, and then clicking GroupID Management Console. When GroupID is launched for the first time, GroupID collects information about its domain and configures its settings accordingly. It creates a new group, GroupIDGlobalConfigurationSettings (under Users node), in the Active Directory and saves its settings to it. This group is created for every domain within a single Active Directory forest. The process of creating the group requires the use of an administrator user account. See Creating an Administrator Account for Active Directory and Exchange for instructions on creating the account. Both the user account and the group should not be deleted otherwise it will cause Self-Service and Automate modules to dysfunction. The configuration group can also be created interactively using the GroupID Management Shell. For more information, see Appendix B.

Post Installation Configuration

Changing the User Account for Imanami Exchange Server 2007 COM+ Service

Imanami Exchange Server 2007 service enables connectivity and communication between GroupID and networks running Microsoft Exchange Server 2007. When installing GroupID, this service is by default configured to run under the user account running the installation. Some administrators may prefer running such application services under a user account specifically created for this purpose. This section provides information on how to set the Exchange Server 2007 COM+ service to run under a different user account.

The following instructions list the procedure for changing the account setting:

16


1. From Windows Control Panel, Administrative Tools open Component Services.

2. Expand Component Services, Computers, My Computer and then the COM+ Applications node.

3. Right-click Imanami ServiceExchange2007 and then click Properties.

4. On the Imanami ServiceExchange2007 Properties dialog, click the Identity tab.

5. By default, the application is set to run under the user account that was used while installing GroupID. Use the fields in the This user section to set application to run using a different account. In this section:

i. Type the user account name for running the service in the User box.

ii. Type the password for the user account in the Password box, and then retype it in the Confirm password box for verifying its correct entry.

6. Click OK to set the new account and save settings.

7. Restart the service.

Creating an Administrator Account for Active Directory and Exchange

Prior to launching GroupID, it is recommended that you add a new security account that has administrative permissions to Active Directory and Exchange Server (if deployed on the server) objects and use this security account to connect GroupID to the domain.

The instructions below guide you on how you can create a security account in Active Directory:

1. Open Active Directory Users and Computers.

• For Windows Servers, click Windows Start button, click Programs (or All Programs), point to Administrative Tools, and then click Active Directory Users and Computer.

• For Windows XP, click Windows XP Start button, click Control Panel, click Performance and Maintenance, click Administrative Tools and then double-click Active Directory Users and Computer. (The given instructions are for the default Windows XP views. Please refer to Windows Help for instructions on the Classic views.)

• For Windows Vista, click Windows Vista Start button , click Control Panel, click System and Maintenance, click Administrative Tools and then double-click Active Directory Users and Computer. (The given instructions are for the default Windows Vista views. Please refer to Windows Help for instructions on the Classic views.)

• For Windows 7, click Windows 7 Start button , click Control Panel, click Administrative Tools and then double-click Active Directory Users and Computer.

2. In the directory tree, right-click the Users container, point to New, and then click User. This will start the wizard for creating a new user.

3. Enter in all required information for the user as you walk through the wizard.

17

Installation Guide

4. As the wizard completes, click the Users container and you will see the newly created user in the Users list.

5. Double-click the user to open its Properties page.

6. Click the Member Of tab and add the following groups in the Member of list by clicking Add.

• Administrators • Domain Admins • Enterprise Admins • Group Policy Creator Owners • Schema Admins

7. Click OK to close the Properties dialog box.

The above steps will create a user account and grant administrative privileges to it for the Active Directory objects. To set administrative permissions on Exchange Server objects for this user, follow the instructions below:

For Exchange Server 2003

1. In the Windows Programs menu, point to Microsoft Exchange, and then click System Manager.

2. Right-click the organization where you want to delegate administrative permissions, and then click Delegate control. This starts the Exchange Administration Delegation wizard.

3. On the welcome page of the Exchange Administration Delegation wizard, click Next.

4. On the Users or Groups page, click Add. This displays the Delegate Control dialog box.

5. On the Delegate Control dialog box:

• Click Browse and on the Select Users, Computers, or Group dialog box:

o In the Enter the object name to select box, type the name of the user you have just created and press Enter. This displays the name of the user in the box.

o Click OK to close the dialog box.

• In the Role list, click Exchange Full Administrator and then click OK to close the dialog box. The user or the group that you added appears in the Users and groups list.

6. Click Next and then click Finish.


1. In the Windows Programs menu, point to Microsoft Exchange Server 2007 and then click Exchange Management Console.

2. In the console tree, right-click Organization Configuration and then click Add Exchange Administrator. This starts the Add Exchange Administrator wizard.

18


3. On the Add Exchange Administrator wizard, click Browse and on the Select User or Group to Delegate dialog box:

• From the list, select the user you have just created.

• Click OK to close the dialog box.

4. Under the Select the role and scope of this Exchange administrator, click Exchange Public Folder Administrator role and then click Add.

5. On the Completion page; review the summary, and then click Finish to close the Add Exchange Administrator wizard.


1. Launch the Exchange Management Shell and type the following command:

Add-RoleGroupMember "Recipient Management" -Member domain\user

Installing IIS

The Self-Service module of GroupID requires Microsoft Internet Information Server (IIS) 6.0 or higher for Portal creation. The IIS is Microsoft's implementation of a Web server for the Windows platform. IIS should be installed on the same machine where GroupID is installed. By default, IIS is not installed on Windows operating systems. You have to install it separately.

The instructions below guide you on how to install IIS on your Windows server or client:

To install IIS on Windows® XP

1. Click the Windows® Start button, click Control Panel and then click Add or Remove Programs.

2. Click Add/Remove Windows Components.

3. On the Windows Component page of the wizard, select the Internet Information Services (IIS) check box in the Components list.

4. Click Next.

5. Follow the instructions on the wizard to complete the installation. When the wizard completes the installation, click Finish.

To install IIS on Windows® Vista

1. Click the Windows® Vista Start button , and then click Control Panel.

2. On the Control Panel window, click Programs and then click Programs & Features.

3. Click Turn Windows features on or off.

4. On the Windows Features dialog box, select the Internet Information Service check box and click OK.

To install IIS on Windows® Server 2003

1. Click the Windows Start button, point to Control Panel and then click Add or Remove Programs.

19

Installation Guide

2. Click Add/Remove Windows Components.

3. On the Windows Components page of the wizard, select the Application Server check box in the Components list.

Selecting Application Server performs a default installation of Internet Information Services (IIS) on the server.

4. Click Next.

5. When the wizard completes the installation, click Finish.

To install IIS on Windows® Server 2008

You must be a member of the IIS Web Server administrative role to perform this procedure.

1. Click the Windows® Start button, point to Administrative Tools and then click Server Manager.

2. In the Role Summary section, click Add Roles.

3. On the Select Server Roles page of the wizard, select the Web Server (IIS) check box and click Next.

4. Follow the instructions on the wizard to complete the installation.

Installing GroupID Lotus Notes Web Service

GroupID Lotus Notes Web service works with Synchronize module and is responsible for creating user ID files and mail files on the Lotus Notes server when a synchronize job is set to be executed from some data source to a Lotus Notes destination. GroupID Synchronize requires this service running on the Lotus Notes server to carry out a successful data transfer.

Lotus Notes Web service is not installed with GroupID using the Typical setup type. If you are installing GroupID on a machine where Lotus Notes server is already installed, the service can be installed using the Complete or Custom setup type. The GroupID setup wizard also places the setup file for the Lotus Notes Web service in the GroupID installation directory which you can use to install the Web service on the required Lotus Notes server in your environment.

Installing GroupID Lotus Notes Web Service during GroupID Installation

1. Follow the instructions 1 through 5 as previously mentioned in Installing GroupID section.

2. On the Setup Type page, select Custom and click Next.

20



3. On the Custom Setup page, click icon beside the GroupID Lotus Notes Webservice option and select Will be installed on local hard drive.

21

Installation Guide

Figure - The Custom Setup page

4. Click Next.

5. On the Ready to Install the Program page, click Install and then on the completion page, click Finish to complete the installation.

Installing GroupID Lotus Notes Web Service manually on a Lotus Notes Server

1. Open the installation directory for GroupID. The default installation location is, X:\Program Files\Imanami\GroupID - where X is the drive where the installation directory is located.

2. Double-click the Synchronize directory and then double-click the LotusNotes directory to open it.

3. Copy the GroupIDLotusNotesWebService.exe file to the machine running Lotus Notes server.

4. Run GroupIDLotusNotesWebService.exe on the Lotus Notes server to begin the installation. This will start the setup wizard.

5. The Welcome page of Web Service setup wizard will appear once the setup has extracted all the required files. Click Next to continue.

22


Figure - The Welcome page

3. On the License Agreement page, review and accept the Licensing Agreement by selecting the I accept the terms in the License Agreement option. Click Next.

23

Installation Guide

Figure - The License Agreement page

4. On the Customer Information page:

i. In the User Name box, type the name under which you want to install the program.

ii. In the Organization box, type the name of your organization.

iii. From the Install this application for section, select one of the following:

a. Anyone who uses this computer (all users), to install and make GroupID available for all users using this computer.

b. Only for me [User Name], to install and make GroupID available only for the current Windows logged on user (this is the user account you are logged on with).

iv. Click Next.

Figure - The Customer Information page

5. On the Ready to Install the Program page, click Install to begin the installation.

24


Figure - The Ready to Install the Program page

6. When the installation completes, the Install Wizard Completed page will appear. On this page, click Finish to complete the installation.

25

Installation Guide

Figure - The Install Wizard completed page

Installing Group Usage Service

The Group Usage Service is an added feature of Imanami GroupID and does not automatically install. Working under the Automate license, this service is used for monitoring and creating a time stamp for each group when an Exchange expansion event occurs. This event occurs when an Exchange server expands a distribution list for sending message. The event is recorded in the Exchange server's message tracking log from where the Group Usage Service parses and records the time stamp the distribution list was last used. Then using Imanami Reporting module, you can review the information in a nicely formatted report named "Distribution groups and the time they were last used".

Before installing the Group Usage Service, please verify that message tracking is enabled on all Exchange servers in the Active Directory forest and the Domain administrators group have Read permissions to the Exchange tracking log directory.

For performance reasons, it is recommended not having more than one installation running in a single Exchange organization at any given time. However, if you choose to use multiple instances of the Group Usage Service, please set up each installation to manage a different Exchange server in the organization otherwise you will end up with redundant data.

Installing the Group Usage Service during GroupID Installation

The Group Usage Service is not installed with GroupID using the Typical setup type. To install the service, you need to select either the Complete or Custom setup type. The installation procedure is the same for Typical and Complete setup types. Use the following instructions to install Group Usage Service with the Custom setup type:

1. Follow the instructions 1 through 5 as previously mentioned in Installing GroupID section.

2. On the Setup Type page, select Custom and click Next.

26



3. On the Custom Setup page, click icon beside the Group Usage Service option and select This feature will be installed on local hard drive.

27

Installation Guide


4. Click Next.

5. On the Ready to Install the Program page, click Install and then on the completion page, click Finish to complete to installation.

Installing the Group Usage Service after GroupID installation

You can install the Group Usage Service separately, if you have not installed it with GroupID. The following instructions guide you on how to perform a separate installation of the Group Usage Service:

To install the Group Usage Service on Windows® XP:

1. Click the Windows® XP Start button, click Control Panel, and then click Add or Remove Programs.

2. From the Currently installed Programs list, locate and select Imanami GroupID 5.5 and click Change.

3. On the welcome page of the wizard, click Next.

28


Figure - Welcome page

4. On the Modify, Repair or Remove installation page, select Modify and click Next.

29

Installation Guide

Figure - Program Maintenance page

5. On the Custom Setup page, click next to the Group Usage Service option and select Will be installed on local hard drive.


6. Click Next.

7. On the Ready to Install page, click Install and then on the completion page, click Finish to complete the installation.

30


Figure - The Completion page

To install the Group Usage Service on Windows® Vista, Windows® Server 2008, Windows® 7:

1. Click the Windows® Start button, and then click Control Panel.


3. From the Uninstall or Change a program list, locate and select Imanami GroupID 5.5 and click Change.

4. Follow the steps 3 through 7 from the To install Group Usage Service on Windows XP section to complete the installation.

Removing GroupID

To remove GroupID on Windows® XP:

1. Click the Windows® XP Start button, click Control Panel, and then click Add or Remove Programs.

2. From the Currently installed Programs list, locate and select Imanami GroupID 5.5.

3. Click Remove and then click Yes on the confirmation dialog box.

To remove GroupID on Windows® Vista, Windows® Server 2008, Windows® 7:

1. Click the Windows® Start button, and then click Control Panel.


31

Installation Guide

32

3. From the Uninstall or Change a program list, locate and select Imanami GroupID 5.5.

4. Click Uninstall and then click Yes on the confirmation dialog box.

Following the above instructions will remove Imanami GroupID from your computer. However, it will leave the GroupID directory and the files for Self-Service Portals. You will need to remove them manually using the following instructions:

To remove the GroupID installation directory:

• Go the location X:\Program Files\Imanami (where X represents the GroupID installation drive).

• Delete the directory named GroupID.

To remove the Self-Service Portals files:

• Open Internet Information Service console by typing inetmgr in the Windows Run dialog box.

• Under the Web Sites node in the console tree, locate the Portals that you have created using the GroupID's Self-Service module.

• Delete each Portal one-by-one by right-clicking the Portal and clicking Delete in the shortcut menu.

Upgrading to GroupID 5.5 If you are using a previous version of GroupID (5.0) or any of the previous Imanami products: DTM, WebDir and SmartDL; it is necessary for you to upgrade your existing data in order to be able to manage it using GroupID 5.5. This upgrade updates all your existing data and most configurations to GroupID 5.5 format. Without upgrading, you will not be able to manage previous products data in GroupID 5.5.

Imanami products versions from which you can upgrade to GroupID 5.5 are given in the following list. Versions older than those given in the list cannot be upgraded. Please contact [email protected] for further assistance.

• GroupID 5.0 • DTM 3.0 • WebDir 4.0 • SmartDL 4.0

For GroupID 5.0, DTM 3.0 and WebDir 4.0, you need to install GroupID 5.5 on the same computer where these products are installed. For SmartDL 4.0 this is not necessary since the data for SmartDL groups are stored in Active Directory and not on the local machine except for any scheduled tasks. As the scheduled tasks are local to a computer, you will need to recreate them after the upgrade. When upgraded, you may remove the previous Imanami products from your computer as you cannot run them side-by-side with GroupID 5.5.

Upgrading to GroupID 5.5 is an irreversible process and you will not be able to undo it. It is therefore recommended to take a backup of your Active Directory before doing the upgrade. See Backing up Group Information from Active Directory at the beginning of this guide for more information about this process.

GroupID Upgrade Wizard

The following section assumes that you have installed GroupID 5.5 and are launching it for the first time.

Upgrading to GroupID 5.5 requires you to run the GroupID Upgrade Wizard. The upgrade wizard provides a simplified step-by-step procedure for upgrading to GroupID 5.5. The number of steps involved depends on the modules purchased with GroupID 5.5.

The following steps list the procedure for upgrading to GroupID 5.5.

The steps given in the instructions below are for a full licensed copy of GroupID 5.5. These steps may vary depending on the modules that you have purchased.

1. On GroupID Management Console, click the Configurations node, and then click Upgrade Wizard. This launches the GroupID Upgrade Wizard.

33


Installation Guide

Figure - The Welcome page.

2. The Welcome page provides you information on what tasks the wizard will perform to upgrade the existing products (if any) to the new format and make them compatible with their counterparts in GroupID 5.5. Once you have read the instructions, click Next to continue.

3. On the Synchronize page, the wizard shows the number of DTM 3.0 or GroupID Synchronize 5.0 Jobs found on your computer. These Jobs will be upgraded to GroupID Synchronize 5.5 format to enable them to be managed through it.

34

Upgrading to GroupID 5.5

Figure - The Synchronize page.

4. Click Next.

5. The Automate page shows the target domain name where it will search for the SmartDL 4.0 or GroupID Automate 5.0 data to upgrade to the latest format. This data will either be related to an extension attribute or extensiondata attribute.

35

Installation Guide

Figure - The Automate page.

The Advanced Settings section is available by clicking the button. This section is about where the previous query information (SmartDL 4.0) and group permissions (WebDir 4.0) are stored so that they are brought forward into the new modules: Automate and Self-Service.

In the Advance Settings section:

• From the SmartDL 4.0 section:

i. From the Attribute list select the extension data attribute configured for SmartDL 4.0.

ii. The Prefix box is read-only and shows the characters used as prefix when storing and reading data in the specified extension data attribute. The prefix is used to distinguish the version of SmartDL groups so the correct groups are converted during this process.

iii. From the SDGUS Attribute list, select the extension data attribute configured for SmartDL 4.0 Group Usage Service.

• From the WebDir 4.0 section:

36


i. From the Attribute list, select the name of the extension data attribute configured for WebDir 4.0.

ii. The Prefix box shows the characters used as prefix when storing and reading data in the specified extension data attribute. The prefix is used to distinguish the version of WebDir groups so the correct groups are converted during this process.

SmartDL 4.0 lets you change where the query is stored. If you have selected extensiondata or extension attributes for different groups, they will not be recognized in Automate until the appropriate attribute is selected. For this reason, you may need to run the wizard multiple times in order to have all your groups upgraded to GroupID 5.5 so they can managed using the GroupID Management Console.

6. Click Next.

7. The Automate Backup page provides you instructions on how to backup and restore your Active Directory data. Read the instructions on this page carefully before proceeding.

Figure - The Automate Backup page.

8. Click Next.

37

Installation Guide

9. On the Self-Service page, the wizard displays the list of WebDir 4.0 virtual servers and GroupID Self-Service 5.0 Portals it found. The Self-Service 5.0 Portals are selected by default. However, you can also select WebDir 4.0 virtual servers that you want to upgrade to GroupID Self-Service 5.5.

• The upgrade wizard also suggests a name for each WebDir 4.0 virtual server with which it will upgrade it to the Self-Service 5.5 Portal. You can change the name by double-clicking the Portal Name box for the required virtual server.

Figure - The Self-Service page.

10. Click Next.

11. The Upgrading page starts the upgrade process and shows the overall progress. You can also

view the progress for each individual task by expanding the Tasks section by clicking .

38


Figure - The Upgrading page.

12. The last page of the wizard displays the status of the upgrade process. It will also report any errors, if encountered, during the upgrade process.

39

Licensing Types of Licenses

Evaluation License

An evaluation license is intended to allow customers to evaluate all modules of GroupID in their test environment for a period of 30 days.

Module License

A module license allows you to use a particular module without any restrictions. You can obtain a module license for Synchronize, Automate or Self-Service.

GroupID Reporting is a license free module.

Full License

A full license provides you unrestricted access and allows you to use the product to its full potential.

Licensing GroupID

To use GroupID with all its features, you need to have a license number and a license key. If you want to evaluate GroupID before purchasing it, you can obtain a 30 days evaluation license for it. The evaluation license provides unrestricted access to all GroupID modules; Self-Service, Automate and Reporting. For Synchronize, the access is limited to transferring only first 100 records for all Synchronize Jobs. The instructions for entering license information are given in the following. You can also contact Imanami support for assistance. When you purchase GroupID, you simply need to enter your new license number and license key and all your existing work done with the evaluation license will continue to work.

Entering the license information for GroupID

1. From GroupID MMC, click the Configuration node and then click Modify User Options.

2. On the Options dialog box, click Licensing and then click Add.

3. On the Edit License dialog box:

i. In the License number box, type the license number for your copy of GroupID.

ii. In the License key box, type the key provided by Imanami for your copy of GroupID.

4. Click OK and restart GroupID.

The license or licenses entered will show in the Licenses list. This list will provide the following information about every license provided:

• Status - The expiry date of the license.

• Number - This is the license number that you entered.

• Key - This is the license key that you entered.

• Licenses - The number of computers this license is valid for.

41

Installation Guide

• Module - The name of the module this license applies to. If a complete license was purchased, this will show All. Otherwise the name of the particular module will be displayed here.

The Options dialog box

Upgrading from an Evaluation License to a Full License

To upgrade evaluation license version of Imanami GroupID or any of its modules to full license version, please contact Imanami Sales. You will be provided with a new license number and a license key. You are just required to replace the evaluation license number and key with the new one and all your existing work done with the evaluation license will continue to work. A full license provides you unrestricted access to the product.

For instructions on how to provide new license details for GroupID or its different modules, please see the topic, Licensing GroupID.

42

Troubleshooting Installing and removing GroupID

Problem Solution

Error 1001 encountered while installing GroupID. The setup rolls back and GroupID is not installed.

This problem occurs if you are installing GroupID on a computer which previously had SmartDL installed. To resolve this problem remove SmartDL from your computer.

To remove the program from your computer:

• In the Windows Run dialog box, type appwiz.cpl. • Click OK. • From the Add or Remove Programs utility, select

Imanami SmartDL 4.0 and then click Remove. • Restart your Windows.

After the restart, launch the Windows Service Manager and check for the following services:

• Imanami Group Usage Service • Imanami Group Management Service

If both these services, or any one of them exists you need to remove them first before installing GroupID. If these services do not exist, you are good to go with the installation.

To remove a service from your computer:

Before trying any of the following methods, make sure that the service to remove is not running. I running, stop the service first.

Method 1:

Use the Windows command-line tool sc.exe.

To delete a service using sc on your computer, type: sc delete [service name]

C:> sc delete "Imanami Group Management Service"

Method 2:

Only use this method if you are not able to remove the service using Method 1.

1. Open the Windows Run dialog box, and type regedit. 2. Click OK. 3. Go to the location,

HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services

43

Installation Guide

44

4. Locate the required service and delete its key.

Error while Creating a Global Configuration Group

See Appendix B.

Error 26402 - Failed to create user due to invalid password, is encountered for Self-Service while installing GroupID.

See the article, Error: 26402 during GroupID installation (http://community.imanami.com/forums/thread/1017.aspx) on Imanami Knowledge Base.

Error 1306 - Another application has exclusive access to the file 'C:\Lotus\Domino\Data\UserProvision.nsf'. Please shut down all other applications, then click Retry.

This problem occurs if you are removing GroupID or Lotus Notes Web Service on a machine running Lotus Notes server. To resolve this problem:

1. Open the Windows Run dialog box, and type services.msc.

2. Click OK. 3. From the Services list, locate Lotus Domino Server

(LotusDominoData). 4. Right-click the service and click Restart.

This prompts the Service Control dialog box showing the progress. The dialog box automatically gets closed as the service restarts.

Licensing Problems

Problem Solution

OK button is not enabled on entering license information.

Providing valid license information after a new installation of GroupID, sometimes, does not enable the OK button on the Licensing window. This problem can be resolved by logging off and then logging on again.

http://community.imanami.com/forums/thread/1017.aspx

Appendices Appendix A - Screenshots

Figure A-1, IIS Manager for Windows Server 2008

45

Installation Guide

Figure A-2, Server Manager for Windows Server 2008

46

Appendices

Figure A-3, Application Pool Defaults dialog box

47

Installation Guide

Figure A-4, Windows Features dialog

48

Appendices

Figure A-5, IIS Manager for Windows Server 2003

49

Installation Guide

Appendix B- Creating the Global Configuration Group interactively

When GroupID is connected to a domain for the first time, it automatically creates a new group, GroupIDGlobalConfigurationSettings (under Users node), in Active Directory that it uses to store the global configurations related to the domain. These configurations include:

• The default expiration policy to be applied to new groups • The list of organizational units to be included in or excluded from the expiration • The deletion interval for the expired groups • The default approver to whom the notifications should be sent for the groups having no owner • The Self-Service Portal URL where to redirect users for taking an action against notifications

This configuration group is maintained individually for every domain storing the respective configuration settings. Creating this group requires the use of an administrative account or a user account with administrative privileges to the domain. Without this group, the Automate and Self-Service modules stop functioning. If due to improper privileges, GroupID fails to create the group or the group is mistakenly deleted from Active Directory, you can create the group using either of the following methods:

1. Using ADSIEdit

1. Create a Universal Distribution group named GroupIDGlobalConfigurationSettings in any organizational unit.

2. Set the adminDescription and description attributes to This is GroupID Configuration Group, it should not be deleted.

3. Set the extensionData attribute to 49 4D 47 43 6F 6E 66 69 67 75 72 61 74 69 6F 6E 3D 31.

2. Using GroupID Management Shell

On the GroupID Management Shell, execute the following command:

New-ConfigurationGroup

By default, GroupID creates the configuration group in the Users organizational unit. You can specify a different organizational unit by providing its distinguished name (DN) in the command, as:

New-ConfigurationGroup -OrganizationalUnit "OU=Configurations,DC=HR,DC=imanami,DC=US"

The creation of the configuration group requires the use of an administrator account or a user account having administrative privileges to the domain.

50

Appendices

Appendix C - Installing Windows PowerShell 1.0 on Windows Server 2008

Follow the instructions below to install Windows PowerShell 1.0 on Windows Server 2008:

1. Launch the Server Manager from Administrative Tools.

2. Expand the Roles node and click Features.

3. In the Features Summary section, click Add Features. This displays the Add Features Wizard.

4. On the Select Features page, select the Windows PowerShell check box and click Next.

Figure - The Select Features page

5. On the Confirmation page, click Install to begin the installation.

6. When the installation completes, click Close to close the wizard.

51

installation guide - imanamidl.imanami.com/pub/groupid 5.5.3772.0/installation_guide.pdfinstallation...

Documents