locked
PCNS Installation Procedure Clarification RRS feed

  • Question

  • The documentation and technical articles on PCNS are not clear on a few points:

    1) While the schema extension needs to be installed only once per forest and the PCNS service once per DC per domain with password synchronization, is an SPN set once per domain, or once per DC?

    2) Is PCNScfg configured once per domain, or for each domain controller with PCNS installed?

    Could someone please clarify the requirements for these steps?

    Markus, if you or someone in Microsoft could update the documentation to clarify these points, that would be most helpful.

    Thanks,

    Jeffrey Harris

    Friday, January 19, 2007 3:46 PM

Answers

  • The SPN is set once for the MIIS computer account.

    PCNScfg is once per domain.

    Friday, January 19, 2007 4:18 PM

All replies

  • The SPN is set once for the MIIS computer account.

    PCNScfg is once per domain.

    Friday, January 19, 2007 4:18 PM
  • Michael,

    Thanks for the clarification.  But if there are multiple domains in the forest configured for password synchronization, does the SPN need to be set in each domain, even if all the domains are using the same MIIS server?

    Jeffrey Harris

    Sunday, January 21, 2007 7:57 PM
  • No, the Service Principal Name is set once and is stored on the MIIS service account in the servicePrincipalName attribute.  (It isn't on the computer account as I stated earlier, I double checked since I wasn't sure.)

    Monday, January 22, 2007 2:28 PM