Before you begin, ensure that the following prerequisites are met.
BlueCat Address Manager
- You must be running Address Manager v9.1.0 or greater.
- You must have a Configuration where the Microsoft data will be imported. You can use an existing configuration or create a new configuration.
  Note: If you are using an existing configuration, the imported data might modify existing Address Manager data, resulting in potential data issues. BlueCat recommends importing the data to a new configuration.
- You must have the necessary configurations for BlueCat Gateway to interact with Address Manager. For more information, refer to the BlueCat Gateway Installation Guide.
- You must have a dedicated API user for executing processes to import DNS and DHCP data into Address Manager. You can use the same API user that interacts with BlueCat Gateway.
BlueCat Gateway
- The Address Manager API user must be able to log in to Gateway and execute the workflow used for the import process.
- You must have at least 2 CPUs and 8 GB of RAM allocated to the BlueCat Gateway instance that is performing the import process.
Microsoft Windows Servers
- You must be running Microsoft Windows Server 2012 or greater.
- You must have the PowerShell execution policy set to RemoteSigned:
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
- You must have a dedicated service account or a user account with permissions to run PowerShell commands.
- BlueCat recommends configuring SSL/TLS certificates to encrypt data flow.
  - Verify whether WINRM is listening on HTTPS using the following command:
      winrm e winrm/config/listener
  - You can also execute the following commands in the PowerShell prompt to automate the HTTPS configuration:
    - Retrieve the FQDN of the Windows Server:
        $fqdn = (Get-WmiObject win32_computersystem).DNSHostName+"."+(Get-WmiObject win32_computersystem).Domain
    - Create a new Self-Signed Certificate. You can also use a certificate signed by an external CA. You must save it under Trusted Root CA for WINRM:
        $cert = (New-SelfSignedCertificate -DnsName $fqdn -CertStoreLocation Cert:\LocalMachine\My).Thumbprint
    - Create a command to enable the HTTPS Listener using the FQDN and the certificate thumbprint from the previous commands:
        $winrmcmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$fqdn`"; CertificateThumbprint=`"$cert`"}'"
    - Create the HTTPS Listener using WINRM:
        Invoke-Expression $winrmcmd
    - Validate that the HTTPS Listener is configured and running. The output of winrm e winrm/config/listener should include an entry similar to the following:
        Listener
            Address = *
            Transport = HTTPS
            Port = 5986
            Hostname = dc1.contoso.com
            Enabled = true
            URLPrefix = wsman
            CertificateThumbprint = a0599c5b28519c90f185ccecdb418cb71ad72f8e
            ListeningOn = 10.244.133.31, 127.0.0.1, 192.168.103.10, ::1, fd79:c344:4793:6fc9:9105:1c3f:a785:f25d, fe80::5efe:10.244.133.31%16, fe80::5efe:192.168.103.10%15, fe80::3492:b293:a8e3:96%14, fe80::9105:1c3f:a785:f25d%12
Network requirements
BlueCat Gateway must be able to communicate with BlueCat Address Manager and Microsoft Windows servers using HTTP (TCP port 5985) or HTTPS (TCP port 5986) for remote connections to the Windows WINRM service.
You can execute the following PowerShell command to add a new firewall rule for port 5986:
New-NetFirewallRule -DisplayName BC-MSO-HTTPS -Enabled True -Direction Inbound -Protocol TCP -LocalPort 5986 -Action Allow -Profile Domain,Private
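
The following read-only check is an added example, not part of the BlueCat documentation. It confirms on the Windows server that the execution policy, HTTPS listener, listener certificate and firewall rule described above are in place. The function name Test-WinRmHttpsPrereq is hypothetical, and the script assumes an elevated PowerShell prompt and the rule name BC-MSO-HTTPS used on this page.

```powershell
# Added example: read-only audit of the WinRM HTTPS prerequisites on this page.
# Assumption: run from an elevated PowerShell prompt on the Windows server.
function Test-WinRmHttpsPrereq {
    param([string]$RuleName = 'BC-MSO-HTTPS')   # firewall rule name from this page

    $cs        = Get-WmiObject win32_computersystem
    $fqdn      = $cs.DNSHostName + '.' + $cs.Domain
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate)
    $https     = $listeners | Where-Object { $_.Transport -eq 'HTTPS' } | Select-Object -First 1

    $result = [ordered]@{
        Fqdn                 = $fqdn
        ExecutionPolicy      = (Get-ExecutionPolicy).ToString()
        HttpsListenerPresent = [bool]$https
        HttpListenerPresent  = [bool]($listeners | Where-Object { $_.Transport -eq 'HTTP' })
    }

    if ($https) {
        # Normalize the stored thumbprint before looking it up in the machine store.
        $thumb = ($https.CertificateThumbprint -replace '\s', '').ToUpper()
        $cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
        $result.ListenerEnabled = ($https.Enabled -eq 'true')
        $result.ListenerPort    = $https.Port
        $result.CertInMyStore   = [bool]$cert
        if ($cert) {
            $result.CertNameMatchesFqdn = ($cert.DnsNameList.Unicode -contains $fqdn)
            $result.CertDaysRemaining   = [int]($cert.NotAfter - (Get-Date)).TotalDays
            $result.CertInTrustedRoot   = Test-Path "Cert:\LocalMachine\Root\$thumb"
        }
    }

    # The inbound rule for TCP 5986 must exist and be enabled.
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    $result.FirewallRuleEnabled = [bool]($rule | Where-Object { $_.Enabled -eq 'True' })

    # End-to-end check: a WS-Management identify request over TLS on port 5986.
    try {
        Test-WSMan -ComputerName $fqdn -UseSSL -ErrorAction Stop | Out-Null
        $result.HttpsReachable = $true
    } catch {
        $result.HttpsReachable = $false
    }

    [pscustomobject]$result
}

Test-WinRmHttpsPrereq | Format-List
```

HttpListenerPresent reports whether an unencrypted listener on port 5985 is still configured alongside the HTTPS one; CertInTrustedRoot is only relevant when the listener uses a self-signed certificate.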