3. Active Directory
Planning is essential for every part of implementing SharePoint 2010, and a crucial part of preparing for the installation
involves planning the various Active Directory accounts that will be
needed during the installation and throughout your SharePoint
implementation. SharePoint 2010 depends on Active Directory in several
situations.
SharePoint 2010 requires dedicated Active Directory user accounts to run services and act as application pool identities.
When importing Active Directory user accounts, it is possible to restrict which accounts are imported, based on the values of specific attributes. Consider setting these values before running the first import job. A new option lets you choose which organizational units (OUs) to import from; even individual accounts from an OU can be selected.
When configuring incoming e-mail, SharePoint is capable of creating contact objects automatically in Active Directory. The account that is configured as the application pool account for Central Administration needs create permissions in the dedicated OU.
Before creating your Active Directory accounts, you must plan for these dedicated accounts, and then create them, with the following considerations.
Provide the minimal rights and permissions so they are available when needed, but do not provide more permissions than needed.
New in SharePoint 2010 is the option to configure passwords to be changed automatically on a schedule you define.
Note:
It is strongly recommended that you use a dedicated account to log on and install SharePoint 2010. This account is often used as the identity of the Central Administration site application pool, but it is not necessary to do so. By design, the welcome menu displays System Account if that account is used to log on to any application pool or website. This means that you should not use your administrator account as an application pool identity or to install SharePoint 2010.
Table 3 provides a detailed list of the accounts Microsoft recommends for use to install and configure SharePoint 2010.
Table 3. SharePoint Installation and Configuration Accounts
ACCOUNT | PURPOSE | REQUIREMENTS |
---|---|---|
SQL Server services account | The SQL Server service account is used to run SQL Server. It is the service account for the following SQL Server services: MSSQLSERVER, SQLSERVERAGENT. If you do not use the default SQL Server instance, the services will be referenced as the following: MSSQL$InstanceName, SQLAgent$InstanceName. | Use either a Local System account or a domain user account. If you plan to back up to or restore from an external resource, permissions to the external resource must be granted to the appropriate account. If you use a domain user account for the SQL Server service account, grant permissions to that domain user account. However, if you use the Network Service or the Local System account, grant permissions to the external resource to the machine account (domain_name\SQL_hostname$). Note: The instance name is arbitrary and was created when Microsoft SQL Server was installed. |
Setup user account | The Setup user account is used to run the following. | Domain user account. Member of the Administrators group on each server on which Setup is run. SQL Server login on the computer that runs SQL Server. Member of the following SQL Server security roles. If you run Windows PowerShell cmdlets that affect a database, this account must be a member of the db_owner fixed database role for the database. |
Server farm account or database access account | The server farm account is used to perform the following tasks: configure and manage the server farm; act as the application pool identity for the SharePoint Central Administration website; run the Microsoft SharePoint Foundation Workflow Timer Service. | Additional permissions are automatically granted for the server farm account on Web servers and application servers that are joined to a server farm. The server farm account is automatically added as a SQL Server login on the computer that runs SQL Server. The account is added to the following SQL Server security roles: dbcreator fixed server role; securityadmin fixed server role; db_owner fixed database role for all SharePoint databases in the server farm. |
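One way to check the planned accounts against the guidance above before installation, as an added example that is not from the original text. The account names sp_setup, sp_farm and sql_svc are hypothetical placeholders, and the script assumes the ActiveDirectory PowerShell module is available; it flags any planned account that sits in a privileged domain group or is reused for more than one role.

```powershell
# Added example (not from the original text). Account names are hypothetical
# placeholders for the three accounts in Table 3; substitute your own.
Import-Module ActiveDirectory

$planned = [ordered]@{
    'Setup user account'         = 'sp_setup'
    'Server farm account'        = 'sp_farm'
    'SQL Server service account' = 'sql_svc'
}
# Domain-level groups a dedicated SharePoint account should not belong to.
# (Local Administrators on the SharePoint servers is a separate, per-server group.)
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

# Resolve nested membership once per group; not every group exists in every domain.
$privileged = @{}
foreach ($group in $privilegedGroups) {
    try {
        $privileged[$group] = @(Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop |
                                Select-Object -ExpandProperty SamAccountName)
    } catch {
        Write-Warning "Could not read group '$group': $($_.Exception.Message)"
    }
}

$findings = @(foreach ($role in $planned.Keys) {
    $sam  = $planned[$role]
    $user = Get-ADUser -Filter "SamAccountName -eq '$sam'"
    if (-not $user) {
        [pscustomobject]@{ Role = $role; Account = $sam; Finding = 'Account does not exist yet' }
        continue
    }
    foreach ($group in $privileged.Keys) {
        if ($privileged[$group] -contains $sam) {
            [pscustomobject]@{ Role = $role; Account = $sam; Finding = "Member of $group" }
        }
    }
})

# An account that serves several roles is not a dedicated account.
$findings += @($planned.Values | Group-Object | Where-Object Count -gt 1 | ForEach-Object {
    [pscustomobject]@{ Role = 'multiple'; Account = $_.Name; Finding = 'Reused for several roles' }
})

$findings | Format-Table -AutoSize
```

An empty result means none of the planned accounts matched a check; it does not cover SQL Server roles or local group membership on the servers.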
4. SharePoint 2010 Preparation Tool
For the SharePoint Foundation or Server 2010 installation to complete successfully, the software listed in Section 4.2.2 earlier in this chapter must be installed. You may be thinking that it is a lot of work to download and install each application individually. Great news! There is a SharePoint 2010 Prerequisite Installer that you can run to scan the server and check to see if the required software components and server roles are installed. If it discovers they are not present, the Prerequisite Installer will automatically install these components from their Internet location, or if you choose, from a local drive that contains the prerequisite software.
4.1. Local Prerequisite Command-Line Installation
You can install the
SharePoint 2010 prerequisites using a command-line utility called
Prerequisiteinstaller.exe. You can run this utility after you extract
it from the respective SharePoint 2010 installation executable. For
instance, if you are installing SharePoint Foundation 2010 that you
downloaded to the directory C:\SharePointFoundationFiles, you would
extract the installation files, including the Prerequisiteinstaller.exe
application, using the following command.
c:\SharePointFoundationFiles\SharePoint.exe /extract:c:\SharePointFoundationFiles
Note:
The SharePoint.exe file name is a generic name based on a native language. You will have to determine the file name specific to your installation before running this command.
As an alternative, if you are
installing SharePoint 2010 that you downloaded to the directory
C:\SharePointServerFiles, you would extract the installation files that
include the Prerequisiteinstaller.exe application using the following
command.
c:\SharePointServerFiles\OfficeServer.exe /extract:c:\SharePointServerFiles
Note:
The Officeserver.exe file name is a generic name based on a native language. You will have to determine the file name specific to your installation before running this command.
Perform the following steps to complete a command-line installation of the required prerequisites.
Copy all the prerequisites to a folder such as C:\SharePoint2010\PrerequisiteFiles.
Open Notepad.exe, copy the following content (without line breaks, and be sure to insert a space between the arguments), and save it to the same directory as the downloaded prerequisites. Name the file PrerequisiteInstaller.Arguments.txt.
/Unattended:
/W2K8SP2:PrerequisiteFiles\Windows6.0-KB948465-X64.exe
/NETFX35SP1:PrerequisiteFiles\dotnetfx35.exe
/PowerShell:PrerequisiteFiles\PowerShell_Setup_amd64.msi
/WindowsInstaller:PrerequisiteFiles\Windows6.0-KB942288-v2-x64.msu
/SQLNCli:PrerequisiteFiles\sqlncli.msi
/ChartControl:PrerequisiteFiles\MSChart.exe
/IDFX:PrerequisiteFiles\MicrosoftGenevaFramework.amd64.msi
/Sync:PrerequisiteFiles\Synchronization.msi
/FilterPack:PrerequisiteFiles\FilterPackx64.exe
/ADOMD:PrerequisiteFiles\ADONETDataServices_v15_RuntimeOnly.exe
Double-click Prerequisiteinstaller.exe, located in the C:\SharePoint2010 folder.
After that file executes completely, all of the required prerequisites will be installed.
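Because the listed installers run unattended under an administrative account, it is worth validating the arguments file before starting Prerequisiteinstaller.exe. The following is an added example, not part of the original text; it assumes Prerequisiteinstaller.exe and PrerequisiteInstaller.Arguments.txt both sit in C:\SharePoint2010, that the relative PrerequisiteFiles\ paths resolve from there, and that no path contains spaces.

```powershell
# Added example (not from the original text). Assumes the folder layout used on
# this page; the function name Test-PrerequisiteArguments is hypothetical.
function Test-PrerequisiteArguments {
    param(
        [string]$Root          = 'C:\SharePoint2010',
        [string]$ArgumentsFile = 'PrerequisiteInstaller.Arguments.txt'
    )

    # The arguments must be on a single line, separated by spaces.
    $lines = @(Get-Content -LiteralPath (Join-Path $Root $ArgumentsFile) |
               Where-Object { $_.Trim() })
    if ($lines.Count -ne 1) {
        throw "Expected one line of arguments, found $($lines.Count)."
    }

    # Each token is either /Switch: or /Switch:relative\path (no spaces in paths).
    foreach ($token in ($lines[0].Trim() -split '\s+')) {
        if ($token -notmatch '^/(?<switch>\w+):(?<path>.*)$') {
            [pscustomobject]@{ Switch = $token; File = ''; Result = 'Malformed argument' }
            continue
        }
        $name, $rel = $Matches['switch'], $Matches['path']
        if (-not $rel) { continue }   # e.g. /Unattended: carries no file

        $full   = Join-Path $Root $rel
        $result = if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
            'File missing'
        } else {
            # A valid Authenticode signature shows the file is intact and who signed it.
            $sig = Get-AuthenticodeSignature -FilePath $full
            if ($sig.Status -eq 'Valid') { "Signed by $($sig.SignerCertificate.Subject)" }
            else { "Signature status: $($sig.Status)" }
        }
        [pscustomobject]@{ Switch = $name; File = $rel; Result = $result }
    }
}

Test-PrerequisiteArguments | Format-Table -AutoSize -Wrap
```

Review the signer subject on every row: a valid signature only proves the file is unmodified since signing, so the publisher still has to be the one you expect.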
Note:
For additional information on the available Prerequisiteinstaller.exe parameters, enter the command Prerequisiteinstaller.exe /? at the command prompt from within the directory where you extracted the installation files.