Windows system configuration - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

Windows Active Directory (AD) domain controllers contain the Active Directory database and run the Kerberos distribution center service. The Kerberos authentication information is stored in Active Directory. Therefore, the user account and service principal must first be defined in AD.

Windows configuration consists of creating a user account for a managed DHCP Server in Active Directory, and then mapping a service principal name to the user account.
Note: A service principal name is the name by which a client uniquely identifies an instance of a service, and is associated with the security principal (user, host, or service in a realm) in whose security context the service executes.

Before the Kerberos authentication service can use a service principal name to authenticate a service, the service principal name must be registered on the account object that the service instance uses to log on.

You need to create one user account and user principal name for every DNS/DHCP Server that complies with security policies.

For more information about Service Principal Names (SPN), refer to the following URL: http://msdn.microsoft.com/en-us/library/windows/desktop/ms677949%28v=VS.85%29.aspx
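The registration requirement described above can be checked from PowerShell before Kerberos authentication is enabled. This is an added example, not part of the BlueCat guide; it assumes the ActiveDirectory module is available, and the function name, SPN value and account name are placeholders.

```powershell
# Added example: the SPN and account names used here are placeholders.
Import-Module ActiveDirectory

function Test-SpnRegistration {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Spn,             # SPN the service will use
        [Parameter(Mandatory)][string]$ExpectedAccount  # sAMAccountName it must be registered on
    )

    # Escape LDAP filter metacharacters (RFC 4515) so the SPN is matched literally.
    $escaped = $Spn -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'

    # Searches the current domain only; point -Server at a global catalog
    # (port 3268) to cover the whole forest.
    $owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$escaped)" -Properties sAMAccountName)

    $status = if ($owners.Count -eq 0) {
        'Missing'        # SPN is not registered on any account object
    } elseif ($owners.Count -gt 1) {
        'Duplicate'      # SPN is registered on more than one account object
    } elseif ($owners[0].sAMAccountName -ne $ExpectedAccount) {
        'WrongAccount'   # registered, but not on the account the service logs on with
    } else {
        'OK'
    }

    [pscustomobject]@{
        Spn      = $Spn
        Expected = $ExpectedAccount
        Owners   = $owners.sAMAccountName
        Status   = $status
    }
}

# Placeholder values; substitute the SPN and user account created for each server.
Test-SpnRegistration -Spn 'SERVICE/dhcp1.example.com' -ExpectedAccount 'svc-dhcp1'
```

A status of Missing or Duplicate means the SPN does not resolve to a single account object, so it should be corrected before the service relies on it.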

Note: Configuring and managing your Kerberos service is beyond the scope of this guide. For information on Kerberos concepts and configuration, refer to your Kerberos documentation.

The following section contains steps that are required to complete the Windows server configuration.
Note: You should already have a Windows server running Active Directory and DNS Server roles installed and defined.