Ensure the server on which you will install PeopleUpdate meets the following requirements before installing the application. You can check the full list of system requirements at System Requirements.
|
Server Hardware |
500 MHZ Pentium III and higher, 128MB RAM, 50MB free disk space |
|
Server Operating System |
Windows Server 2003 or later |
|
Web Server |
Internet Information Services 6.0 or later (Windows Server 2003 ships with IIS 6.0) |
|
ASP.NET |
.NET 2.0 only; you can download and install the free Microsoft .NET framework from http://msdn.microsoft.com/netframework/downloads/howtoget.asp. |
|
Active Directory |
Windows 2000 schema or later |
You may need to check the version of certain products you are using to verify they meet the PeopleUpdate requirements.
Each operating system Microsoft produces maps to a version of IIS and you have IIS 6.0 if you are running Windows 2003.
|
Windows Server 2003 |
IIS 6.0 |
|
Windows XP |
IIS 5.1 |
|
Windows 2000 |
IIS 5.0 |
|
Windows NT 4.0 or Windows 9x |
Look for Windows NT 4.0 Option Pack in Add/Remove Programs (Control Panel). If it is there, you are running IIS 4.0 (NT Server) or PWS 4.0 (NT Workstation or Win9x). |
Go to the Microsoft Knowledge Base article at http://msdn2.microsoft.com/en-us/netframework/aa569264.aspx to check if you have version 2.0 of the .NET framework installed on your web server. If you do not have it installed, the article contains instructions about how to download and install version 2.0.
Most environments allow a default PeopleUpdate installation, with no custom configuration for your environment, to search and display most attributes in Active Directory. Editing and updating Active Directory attributes, however, requires elevated privileges and most environments will not allow a default PeopleUpdate installation to update the directory. By default, PeopleUpdate uses anonymous binding to talk to Active Directory and therefore only has very limited privileges that are typically set to only allow searching for a small subset of Active Directory attributes.
Web Active Directory recommends that you create a service account in your domain dedicated to running PeopleUpdate. PeopleUpdate uses the service account to bind to your Active Directory to perform search and update operations instead of passing the PeopleUpdate user's credentials to Active Directory for binding. Web Active Directory has chosen to implement the service account model instead of passing user credentials to simplify the Active Directory configuration required to run PeopleUpdate. You only need to configure Active Directory permissions that delegate read and write permissions to the PeopleUpdate service account.
PeopleUpdate requires that your service account have write permissions on the attributes you intend to update. Once you create the PeopleUpdate service account in your domain, use the procedure below to grant the necessary permissions to run PeopleUpdate.
Open Active Directory Users and Computers from the Start > All Programs > Administrative Tools menu.
At the root of the directory tree for the domain, right-click the root of your domain (or another OU you want to allow PeopleUpdate to manage) and choose Properties.
Click Delegate Control to open the Delegation of Control Wizard.
Click Next to proceed past the wizard's welcome page.
Click Add and find the PeopleUpdate service account you created previously.
Click Next to proceed.
Click Create a custom task to delegate and click Next to proceed.
On the Active Directory Object Type page, ensure you are delegating control to This folder, existing objects in this folder, and creation of new objects in this folder. This option allows the PeopleUpdate service account to manage the entire domain.
Click Next to proceed.
Check Read All Properties and Write All Properties to allow the PeopleUpdate service account to read and write all properties in the folder.
Click Next to proceed.
Click Finish to save your changes and close the wizard.