Install the Management Console
This section provides information on management console requirements and installing the console.
Requirements to Use AD Bridge with Active Directory
This section lists the requirements to use AD Bridge with Active Directory.
You must have at least the following components:
- An Active Directory domain controller
- A Windows administrative workstation that is running ADUC and is connected to your Active Directory domain controller
- One or more Unix or Linux computers running an operating system that AD Bridge supports, such as versions of Red Hat, SUSE Linux, CentOS, Debian, Sun Solaris, IBM AIX, and Ubuntu
For agent requirements (the software that runs on the Linux or Unix computers that you want to connect to AD), see Install the AD Bridge Agent.
Microsoft Management Tools
AD Bridge works with ADUC, and GPMC. Ensure that the Microsoft management tools are installed before you install AD Bridge.
The Microsoft management tools vary by Windows version, but include the Remote Server Administration Tools (RSAT) for Windows.
Turn on the following RSAT features. Go to Control Panel, select Programs, and then select Turn Windows features on or off:
- Group Policy Management Tools
- Active Directory Module for Windows PowerShell
- Active Directory Administrative Center
- AD DS Snap-ins and Command-Line Tools
For more information, see Remote Server Administration Tools for Windows.
Administrator Privileges
To add Linux or Unix computers to an AD domain, the following admin privileges are required:
- Root access or sudo permission on the Linux or Unix computers that you want to join to the domain.
- Active Directory credentials that allow you to add computers to an Active Directory domain. For example, membership in the Domain Administrators security group or the Enterprise Administrators security group.
Active Directory Requirements
For the list of supported platforms, see AD Bridge Supported Platforms.
Windows Requirements for the Console
These are the minimum requirements for the console:
- Microsoft .NET Framework 4.8
- Microsoft .NET 7
- 50MB of free space
For the list of supported platforms, see AD Bridge Supported Platforms.
Requirements to Run AD Bridge in Directory Integrated Mode
To run AD Bridge in Directory Integrated Mode, you must meet the following requirements:
- Active Directory installations that comply with RFC 2307
- Domain and forest functional levels have been raised to Windows Server 2012 or later
For more information, see Storage Modes in Active Directory.
Networking
The subnets with your Linux or Unix computers must be added to Active Directory sites before joining the computers to Active Directory so that the AD Bridge agent can detect the optimal domain controller and global catalog.
Replication
Make sure your AD replication system is up to date and functioning properly by using the following diagnostic tools from www.microsoft.com/download to test replication.
- DCDiag: Part of Microsoft's support tools for Windows Server 2012, dcdiag.exe should be run with the /v /c /e switches to test the domain controllers in all your sites.
- FRSDiag: Use frsdiag.exe tool, available from the Microsoft Resource Kit tools, to check the File Replication Service (FRS).
In addition, the following tools can help you review and troubleshoot FRS problems.
- Sonar: Use it to perform a quick review of FRS status.
- Ultrasound: Use it to monitor and troubleshoot FRS.
- ReplMon: Included in the Microsoft Resource Kit Tools. Use it to investigate replication problems across links where DCDiag showed failures.
For instructions, see the Microsoft documentation for each tool.
Supported Platforms and Applications
Platforms
AD Bridge supports many Linux or Unix and virtualization platforms.
For the list of supported platforms, see AD Bridge Supported Platforms.
Applications
You can use the Advanced Group Policy Management (AGPM) tool to manage your GPOs. Any AD Bridge settings applied to your GPOs are maintained.
Install the Console
Install the BeyondTrust Management Console on a Windows administrative workstation that can connect to your Active Directory domain controller.
We recommend that you do not install the console on a domain controller.
- Review the requirements before proceeding with the installation.
- Ensure the account you are using to run the install is a member of the Domain Admins group or Enterprise Admins group. The account needs privileges to change objects and child objects in Active Directory.
- Ensure the Microsoft management tools for Active Directory are installed before you install the console.
During the installation, checks are in place to ensure that your environment meets successful installation requirements. If you need more information, a log file is created here during the install: %UserProfile%AppData\Local\PBIS.Logs.
- Locate and copy the ADBridge64-##.#.#.###.msi install file to your Windows workstation. The installer file includes the version and build number.
- Run ADBridge64-##.#.#.###.msi.
- On the Installation Wizard page, check the box to accept the license agreement and click Next.
- Unless you need to place the files elsewhere, accept the default Install Location Destination Folder and click Next.
- Select the features to install and click Next.
- To begin the installation, on the Install Steps window, click Next.
- Once the installation is complete, click Finish.
At the end of the installation, you can start the configuration wizard to configure Directory Integrated mode, and follow best practices for configurations. You can also choose to run this wizard later from the default install location.
For more information, see the following:
- Requirements to Use AD Bridge with Active Directory.
- On Microsoft management tools, Requirements to Use AD Bridge with Active Directory.
- For the Configuration wizard, see Use the Configuration Wizard.
- For best practices, see AD Bridge Best Practices.
Use msiexec.exe
Silent Install or Uninstall
Run a silent install or uninstall of the console using msiexec.exe. To see a complete list of options, run msiexec.exe.
msiexec.exe /i ADBridge64-##.#.#.###.msi /quiet /qn
msiexec.exe /x ADBridge64-##.#.#.###.msi /quiet /qn
Install Individual Modules
Install individual AD Bridge modules using msiexec.exe. The following module options are available:
- BaseInstall
- ConsoleInstall
- ReportingToolsInstall
- OperationsDashboard
- DBUpdateTool
- MigrationToolsInstall
- MMCExtensions
- MigrationToolsInstall
- GPMC
- ADUC
msiexec /i ADBridge64-##.#.#.###.msi ADDLOCAL=BaseInstall /qn
Upgrade the Console
AD Bridge supports in-place upgrades. Run the latest installer on the computer where AD Bridge is already installed.
