Overview
Note: Umbrella does not support installing the Active Directory connector on non-GUI-based Windows servers like Windows Server Core.
This article applies to setting up Active Directory integration for Cisco Umbrella for DCs running Server Core. For all other OS versions, refer to the full setup guide or permissions troubleshooting guide.
Prerequisites
To use a Server Core machine with Umbrella Active Directory integration, ensure that the following features are enabled:
- ServerManager-PSH-Cmdlets
- BestPractices-PSH-Cmdlets
To enable these features, run the following command. Note that this requires a reboot.
dism.exe /online /enable-feature /featurename:ServerManager-PSH-Cmdlets /FeatureName:BestPractices-PSH-Cmdlets
Once the features are enabled and the server has rebooted, run the following:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Configure-SMRemoting.ps1 -enable
After setting these, restart the Connector service and validate that the device appears as green in the dashboard within 5 minutes.
DCOM
In order to set DCOM permissions on Server Core, a copy of dcomperm.exe is required. To compile this from the Windows SDK, go to http://www.microsoft.com/en-us/download/details.aspx?id=8279 and compile dcomperm from this folder location:
C:\Program Files\Microsoft SDKs\Windows\v7.1\Samples\com\fundamentals\dcom\dcomperm
Alternatively, download the copy attached to this document. This file was compiled by Cisco and may not fully meet file signing requirements.
To set Remote Launch and Remote Activation:
DComPerm.exe -ml set <Domain>\OpenDNS_Connector permit level:rl,ra
You can verify this by running DComPerm.exe -ml list. An example validation:
C:\>DComPermEx.exe -ml list
Machine launch permission list:
Remote and Local launch permitted to BUILTIN\Administrators.
Remote and Local activation permitted to BUILTIN\Administrators.
Local launch permitted to \Everyone.
Local activation permitted to \Everyone.
Remote and Local launch permitted to BUILTIN\Distributed COM Users.
Remote and Local activation permitted to BUILTIN\Distributed COM Users.
Remote and Local launch permitted to BUILTIN\Performance Log Users.
Remote and Local activation permitted to BUILTIN\Performance Log Users.
Local launch permitted to APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES.
Local activation permitted to APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES.
Local launch permitted to APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES.
Local activation permitted to APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES.
Remote launch permitted to MYDOMAIN\OpenDNS_Connector.
Remote activation permitted to MYDOMAIN\OpenDNS_Connector.
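The verification step above can be scripted. The following PowerShell is an added example, not part of Cisco's article or tooling: it parses the -ml list output in the format shown above, reports whether the connector account holds both Remote Launch and Remote Activation, and lists every principal holding a remote right so the list can be reviewed for least privilege. The function names are hypothetical, and the sample input is a trimmed copy of the example validation output.

```powershell
# Added example (not Cisco's code). Function names are hypothetical.
# Recognises only the line shapes shown in the sample output on this page;
# any other line (including the header) is ignored.
function Get-DcomMachineLaunchEntry {
    param([string[]]$Lines)
    $pattern = '^(?<scope>Remote and Local|Remote|Local) (?<right>launch|activation) permitted to (?<principal>.+)\.$'
    foreach ($line in $Lines) {
        $m = [regex]::Match($line.Trim(), $pattern)
        if ($m.Success) {
            [pscustomobject]@{
                Principal = $m.Groups['principal'].Value
                Right     = $m.Groups['right'].Value
                Remote    = $m.Groups['scope'].Value -like 'Remote*'
            }
        }
    }
}

function Test-ConnectorDcomAccess {
    param([string[]]$Lines, [string]$Account)
    $entries = @(Get-DcomMachineLaunchEntry -Lines $Lines)
    # -eq on strings is case-insensitive, which suits account names
    $mine = @($entries | Where-Object { $_.Principal -eq $Account -and $_.Remote })
    [pscustomobject]@{
        Account          = $Account
        RemoteLaunch     = [bool]($mine | Where-Object { $_.Right -eq 'launch' })
        RemoteActivation = [bool]($mine | Where-Object { $_.Right -eq 'activation' })
        # Every principal holding a remote right, for least-privilege review
        RemotePrincipals = @($entries | Where-Object { $_.Remote } |
                             Select-Object -ExpandProperty Principal -Unique)
    }
}

# Constructed sample: trimmed from the example validation output on this page
$sample = @'
Machine launch permission list:
Remote and Local launch permitted to BUILTIN\Administrators.
Remote and Local activation permitted to BUILTIN\Administrators.
Local launch permitted to \Everyone.
Local activation permitted to \Everyone.
Remote launch permitted to MYDOMAIN\OpenDNS_Connector.
Remote activation permitted to MYDOMAIN\OpenDNS_Connector.
'@ -split '\r?\n'

Test-ConnectorDcomAccess -Lines $sample -Account 'MYDOMAIN\OpenDNS_Connector' | Format-List
```

On a domain controller, pass the captured output of the list command in place of $sample. If either RemoteLaunch or RemoteActivation is False, re-run the set command above.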