Configuring MMC for Active Directory Services

You can configure the MMC so that its structure and some of the information it presents are taken directly from the Windows 2000 Active Directory. The Active Directory is an extensive hierarchical inventory of all the objects available in a network. Special services make it possible to access and manipulate the information stored in the directory whenever required.

Configuring the MMC on the basis of the Active directory has the following advantages:

· The MMC reads information on SAP systems and instances directly from the Active Directory and is therefore always up-to-date.

· The MMC presents additional information that is stored in the Active Directory, for example, detailed up-to-date technical data on systems or instances.


The MMC can be configured to access LDAP directories other than the Active Directory. In this case, additional instructions have to be observed.

Prerequisites

You have to configure the SAP system appropriately to support LDAP services.

Procedure

...

1. Start the MMC.

2. Select Console root and choose Console ® Add/Remove Snap-In.

3. In the Add/Remove Snap-In dialog box, choose Add and then select the SAP Systems Manager snap-in.

4. Confirm your selection with Add.

5. In the General Settings dialog box, enter data as follows:

For Options:
S
elect Query LDAP Directory for SAP Instances.

For Auto Refreshment:
Enter the periods in which you want system information in the MMC to be updated automatically.

For Options:
S
elect Expert user mode if you want to access more detailed system information later when you start working with the SAP snap-in.
Deselect Always show local SAP instances. These are automatically displayed in the MMC when the configuration is complete.

Select Enable Single Sign-On, if you want to use single sign-on for logon to SAP instances that support SNC

6. Choose Next to close the General Settings dialog box.

7. In the LDAP Directory Connection dialog box, enter the following data:

Fields

Entry

LDAP Server

Directory Type

Select Windows 2000 Active Directory.
If you want to access a different LDAP Server, select Generic LDAP Directory

SAP Root DN

For Windows 2000 Active Directory no entry is required.

For Generic LDAP Directory, enter the distinguished name of the SAP root node in the LDAP directory.

Directory Server

Enter the name of the server where the Active Directory is located. For Windows 2000 Active Directory, an entry is not required.

You can enter several host names separated by spaces. In this case, the first functioning host is the one that will be accessed.

LDAP Authentication

Select the mode of authentication for accessing the directory services.

For Windows 2000 Active Directory any of the offered modes can be selected.

For Generic LDAP Directory, select anonymous log in for read-only access of the directory. For read and write access, specify a user and password.

Use Secure Socket

Select this to encrypt the information that is passed between the MMC and Active Directory machine.

8. Choose Next.

9. In the Directory Settings dialog box, specify the information contained in the Active Directory that you want to be visible in the MMC:

...

a. Qualify the systems and instances you want to see by selecting or entering data in the fields Management Domain, System, Host and Instance No. The wild card * is a valid entry.

b. Choose Show to add entries to the LDAP Search filter text box. Use the Hide and Remove options as required:
Hide allows you to exclude selected items that appear in the LDAP Search filter box from the MMC display.
Remove allows you to delete selected entries from the LDAP Search filter box.

c. Repeat the procedure until you have specified all the management domains, hosts and instances you want to display.

d. Select Hide non DCOM manageable instances, to exclude any machines from the MMC display that cannot be monitored because they do not support DCOM communication with an SAP instance. Currently only Windows platforms support DCOM.

10. Choose Finish.

The MMC fetches the information specified in the LDAP Search filter from the Active Directory and configures the console accordingly.

11. Close all dialog boxes that are still open.

No comments:

topics