Best practices for installing Standalone SharePoint server with AD Integration?
- Hi,
I have tried to install MOSS 2007 on a Windows 2003 server running SQL Server 2005 and I have failed every time to get the Active Directory integration working correctly; either the server fails to recognise any account in the domain or the people picker does not work.
I would like to ask anyone who can help how to set up each of the accounts that SharePoint asks for so that I can rule out my setup.
My setup is as follows.
Windows 2003 Server running SQL Server 2005 + all pre-reqs
We have an AD forest that encompasses 6 domains (I hope my terminology is correct). I wish for my SharePoint server to be able to use accounts from any of these domains.
1) The first account I am asked for on install is the Database Access Account. I have read the following and I would like to know if it is correct:
Important: This account is the Office SharePoint Server 2007 service account under which several Office SharePoint Server 2007 services run. The user account that you specify as the Office SharePoint Server 2007 service account must be a domain user account, but it does not need to be a member of any specific security group on your front-end servers or your back-end database servers. However, the user account that you specify must be a member of the following two SQL Server security roles on your back-end database servers: Database Creator and Security Administrator. It is recommended that you follow the principle of least privilege and specify a user account that is not a member of the Administrators group as your Office SharePoint Server 2007 service account.
Is the above correct, and if so, does the domain account have to be in any specific domain?
Many thanks
Steve
- Edited by Mike Walsh MVP, Moderator, Monday, November 23, 2009 5:22 PM: Title unnecessarily long - cut down. Bold, blue removed - no need.
Answers
- Hi,
For a list of account permissions for single server environments, see the Office SharePoint Server security account requirements (http://go.microsoft.com/fwlink/?LinkID=92883&clcid=0x409) planning tool,
or view the requirements listed in the Technical reference: Account requirements by scenario section of this article.
Best Regards, Ammar MCT
Marked as answer by Rock Wang – MSFT, Moderator, Friday, November 27, 2009 4:46 AM
- I would recommend putting it on the domain that the server is actually a member of, but I don't think that is required. I would also recommend using the Farm Administrator account to configure the services if you are not already. You said it had trouble recognizing "your" account but I wasn't sure if you meant your personal account or the service account.
When working with multiple domains the key is to have the trust established between the domains. If the trust is in place, things get a whole lot easier. Here is a resource that helps explain some of the details: http://blogs.msdn.com/sharepoint/archive/2006/03/15/552331.aspx
Another thing to check. Make sure that the account you are using has access to read from AD. In some orgs, this is locked down.
SharePoint Developer | Administrator | Evangelist -- Twitter -- Blog - http://nextconnect.blogspot.com
Marked as answer by Rock Wang – MSFT, Moderator, Friday, November 27, 2009 4:45 AM
- Hi,
The words above are correct, but that doesn’t mean the domain account needs to be in any specific domain. It doesn't really matter which domain you use.
To deploy Office SharePoint Server 2007 in a server farm environment, you must provide credentials for several different accounts. For information about these accounts, see Plan for administrative and service accounts (Office SharePoint Server) in the Planning and architecture for Office SharePoint Server 2007 guide.
For more information about installing Office SharePoint Server 2007 in a server farm environment, please refer to the following article:
Install Office SharePoint Server 2007 in a server farm environment
http://technet.microsoft.com/en-us/library/cc303400.aspx
Note: The account that you select for installing Office SharePoint Server 2007 needs to be a member of the Administrators group on every server on which you install Office SharePoint Server 2007. However, you can remove this account from the Administrators group on the servers after installation.
Hope this helps.
Rock Wang
Rock Wang – MSFT
Marked as answer by Rock Wang – MSFT, Moderator, Friday, November 27, 2009 4:46 AM
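The role requirement quoted in the question and confirmed in the answer above (Database Creator and Security Administrator, nothing more) can be checked on the back-end database server. The T-SQL below is an added example, not part of the original thread; `CONTOSO\svc_moss` is a hypothetical account name, and only roles granted directly to the login are reported, not roles inherited through Windows groups.

```sql
-- Added example: audit the fixed server roles held by the SharePoint
-- service account on SQL Server 2005.
-- CONTOSO\svc_moss is a hypothetical name; substitute your own account.
DECLARE @login sysname;
SET @login = N'CONTOSO\svc_moss';

-- Report 1: compare the roles the account holds against the two it needs.
--   OK      = required role is present
--   MISSING = required role has not been granted
--   EXTRA   = role that the quoted guidance does not call for
SELECT COALESCE(req.role_name, held.role_name) AS server_role,
       CASE
         WHEN held.role_name IS NULL THEN 'MISSING (required)'
         WHEN req.role_name  IS NULL THEN 'EXTRA (not required, review)'
         ELSE 'OK (required)'
       END AS finding
FROM (SELECT N'dbcreator' AS role_name          -- "Database Creator"
      UNION ALL
      SELECT N'securityadmin') AS req           -- "Security Administrator"
FULL OUTER JOIN
     (SELECT r.name AS role_name
      FROM sys.server_role_members AS m
      JOIN sys.server_principals AS r
        ON r.principal_id = m.role_principal_id
      JOIN sys.server_principals AS p
        ON p.principal_id = m.member_principal_id
      WHERE p.name = @login) AS held
  ON held.role_name = req.role_name
ORDER BY finding, server_role;

-- Report 2: a row here means every member of the local Administrators
-- group on the database server is also sysadmin. That includes the setup
-- account for as long as it stays in Administrators after installation.
SELECT p.name AS login_name, r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r
  ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p
  ON p.principal_id = m.member_principal_id
WHERE r.name = N'sysadmin'
  AND p.name = N'BUILTIN\Administrators';
```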
All Replies
- Hi All,
Thanks very much for all your help. I have followed the advice above but I still encounter the same issue I have on each install I have performed.
The problem I have is that once SharePoint 2007 has installed I open the admin console and log in, then I choose Operations and choose to add a new user to the farm administrators group. If I put the username in the white box it resolves correctly to the user's domain account, but if I use the people picker it cannot find any accounts at all. Does anyone know why this is not working?
Thanks
Steve
