SQL Server Magazine

Editor's Note: Each month, this column discusses various aspects of the advanced administration of e-business sites. This month's column examines DSs—specifically, the Site Server 3.0 P&M DS and Win2K AD coexisting on a Win2K domain controller.

In my travels this summer speaking at Microsoft TechEd conferences, I learned just how prevalent but troublesome the Microsoft Site Server 3.0 Personalization and Membership (P&M) Directory Service (DS) has become. P&M overcomes the domain limits of Windows NT 4.0. Technically, you can have millions of authenticated users (on the Internet or not), which is extremely powerful. For this reason, P&M is popular in intranet, extranet, and Internet Web sites around the world. It's also why Site Server P&M will be around for a long time, even though Active Directory (AD) is available.

However, P&M dominated the question-and-answer session I held after each TechEd presentation. Arguably, P&M is the most difficult technology in the most difficult product Microsoft has. Its slow adoption is related to that complexity—well, that and a few bugs.

The real problem that IIS administrators have been wrestling with is the migration of their P&M DSs to AD since Windows 2000 shipped. Now that Microsoft Exchange 2000 Server has shipped, the industry is seeing a plethora of Win2K conversions (Exchange 2000 requires Win2K), and that, of course, means AD implementations. This month, I show you how to run the P&M DS on Win2K.

Running the P&M DS and AD on Win2K
People are shocked when I tell them that I run P&M on the Win2K domain controller that hosts AD. I don't know why people are surprised. When you understand the basic architecture of both DSs, having both DSs coexist not only on the same network but also on the same box makes perfect sense. You see, Lightweight Directory Access Protocol (LDAP) servers listening on specific ports service both DSs (i.e., P&M DS and AD). AD is fixed to port 389 because Exchange has always lived there. You can configure membership servers on any available port. By default, membership servers start at port 1002 and increment by one with each new membership server you create. (The default membership server that the Site Server installation process creates lives on port 1002.) If you're using a membership server, it probably lives on port 1003 and can coexist with the LDAP server listening on port 389 for AD requests.

The first step in running P&M on Win2K is to install Site Server. Site Server Service Pack 4 (SP4) lets you install Site Server on Win2K. You also need a small patch file (ss3w2k .exe) that facilitates the operation of Microsoft FrontPage Server Extensions. You can download SP4 and the patch from http://www.microsoft .com/siteserver/site/deployad min/sp4.htm. The site has detailed installation instructions, but to install P&M on a Win2K server, you must perform these steps:

1. Install Win2K (Win2K Server, Win2K Datacenter Server, or Win2K Advanced Server).
2. Promote the machine to a domain controller (the promotion process installs AD).
3. Run ss3w2k.exe.
4. Perform a custom installation of Site Server 3.0. Install only the Knowledge Management (KM) portion, as Figure 1 shows. (You need Microsoft SQL Server—2000, 7.0, or 6.5—either remote or local.)
5. Run Site Server SP4.

This installation procedure shows you the real beauty of a Site Server installation on Win2K—its simplicity. If you've installed Site Server 3.0 on NT 4.0, you know how difficult that installation process is. You must install numerous service packs, and the installation order is crucial. Site Server is undisputedly the single most difficult product to install and configure that Microsoft offers.

If you're experienced with Site Server 3.0 P&M and already have membership servers, you can create a new membership server on your Win2K box and point the server to the LDAP server and port running your existing membership server on NT 4.0. Choose Custom Installation, and select AUO Object; don't select LDAP Server. The system will prompt you for the name of your LDAP server and the port on which it's running, as Figure 2 shows. For those of you new to P&M, use these steps to create a membership server on your Win2K server on port 1003:

1. Open the Microsoft Management Console (MMC) Site Server Service Admin snap-in by choosing Start, Programs, Microsoft Site Server, Administration, Site Server Service Admin.
2. Click the Personalization and Membership snap-in; your local server name will appear.
3. Right-click your local server name, and select New, Membership Server Instance, as Figure 3 shows, to start the New Membership Server Wizard.
4. Follow the steps of the wizard, and select these options:
   • On the second page of the wizard, select Custom Configuration.
   • On the third page, select AUO Object and LDAP Service.
   • On the fourth page, select Create a New Membership Directory.
   • On the fifth page, select Membership Authentication.
   • On the sixth page, enter your membership directory name (realm), and assign a password to the Membership Administrator account. (Write these two values down. You'll need to remember both of them later.)
   • On the seventh page, select Microsoft SQL Server.
   • On the eighth page, you need to name the SQL server, identify a blank SQL Server database (create that database now in SQL Enterprise Manager, if you haven't already), and identify the database user and password.
   • On the ninth page, confirm the IP address and port number for the LDAP server (remember the port number).
   • Click Finish to create the membership server.

   Prev. page   [1] 2     next page