Sun Java System Federation Manager 7.0 User's Guide

Procedure: To Set Up Microsoft Active Directory as a Configuration Data Store

To change the Federation Manager data store for configuration data to Microsoft Active Directory, you must set up the directory and load the Federation Manager LDIF schema. The procedure is described in To Set Up Microsoft Active Directory as a Configuration Data Store.


Note –

When the Active Directory installation wizard asks you to type a new domain, you may type a non-existent domain, such as xyz.com. In this example, the root suffix will be dc=xyz,dc=com.


  1. Install Microsoft Active Directory on either a Microsoft Windows 2000 Advanced Server or a Microsoft Windows 2003 Advanced Server.

    The procedures for these installations can be found in your Active Directory documentation or on the Microsoft web site.

  2. Install the Active Directory Schema Snap-in.

    Instructions for installing the Active Directory Schema Snap-in can also be found on the Microsoft web site.

  3. Open the Microsoft Management Console (MMC).

    Using this console you can load the LDIF schema into Active Directory.

  4. Point your cursor to Active Directory Schema and hold the right mouse button down.

  5. Select Operations Master... from the drop-down menu.

  6. Check "The Schema may be modified on this Domain Controller" in the "Change Schema Master" window and click OK.

    This enables schema modification. The administrator DN is cn=administrator,cn=users,ROOT-SUFFIX.

  7. Install and configure Federation Manager according to the information in Modifying Federation Manager Configuration Data to Recognize an LDAPv3-compliant Directory.