June 2004

Enabling Enterprise Identity Management with SAP and Active
Directory


Abstract

Customers who integrate SAP with an Active Directory infrastructure can benefit from
features such as Single Sign On and HR module synchronization.

SAP AG describes two methods for installing SAP systems on servers that are part of a domain.

This document describes a third method that lets you install SAP systems as a domain
administrator would, but without holding all the administrator rights.
The information contained in this document represents the current view of Microsoft
Corporation on the issues discussed as of the date of publication. Because Microsoft must
respond to changing market conditions, it should not be interpreted to be a commitment on
the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information
presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES,
EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without
limiting the rights under copyright, no part of this document may be reproduced, stored in or
introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the
express written permission of Microsoft Corporation.


Microsoft may have patents, patent applications, trademarks, copyrights, or other
intellectual property rights covering subject matter in this document. Except as
expressly provided in any written license agreement from Microsoft, the furnishing of
this document does not give you any license to these patents, trademarks,
copyrights, or other intellectual property.



© 2004 Microsoft Corporation. All rights reserved.


Microsoft, Win32, Active Directory, Windows and Windows NT are either registered
trademarks or trademarks of Microsoft Corporation in the United States and/or other
countries.

The names of actual companies and products mentioned herein may be the trademarks of
their respective owners.
CONTENTS
INTRODUCTION

Recommended Solution

Predicted Benefits

Technical Details

    1. Schema update

    2. Rights delegation

    3. Preparing the installation

       Users’ account and groups

       Computers’ accounts and operating system installation

    4. SAP system installation

Conclusion

References
  SAP OSS Note 169468 – Version 43 – Windows 2000 Support

INTRODUCTION

More and more customers are asking to use the same Active Directory domain
infrastructure to manage both the user environment and SAP systems. The main
benefits of this integration are new functionality such as Kerberos Single Sign
On, easier synchronization of the HR module with Active Directory, and easier
administration of SAP systems using the SAP MMC snap-in.
Another reason for this type of integration is to reduce the cost of operating
the IT system. These cost reductions can be realized by focusing each
administrator population on its main technology (SAP Administrators manage SAP
software, Operating System Administrators manage the operating system,
Active Directory Administrators manage user rights and delegations, and so
on) and by defining, for each group of administrators, an infrastructure that is
easier to administer within its own perimeter.
This type of integration increases the business value of each product, SAP
and Active Directory.
SAP AG provides two methods of installing an SAP system on servers that are
members of a domain. These methods are described in the “SAP R/3 Enterprise
on Windows Installation Guides”.
The first method is intended for Domain Administrators. It is the easiest to
follow because all user accounts and groups necessary for SAP are created
automatically in the domain by the R3SETUP or SAPINST program. However, this
method requires giving Domain Administrator rights to the people who install
the SAP system. This can be considered a security issue, and it is one reason
why SAP recommends installing SAP systems in their own Windows domain.
The second method is intended for SAP Administrators who are not Domain
Administrators. It is somewhat more difficult because a Domain Administrator
must manually create the user accounts and groups required to install SAP
before the R3SETUP program is started. With this method, the SAP administrators
need to synchronize the deployment of the SAP system with the operations
performed by the Domain Administrator. The Domain Administrator must create the
user accounts and groups manually, following exactly the guidelines provided in
the “SAP Installation Guide”. The installation of an SAP system will be blocked
if the user accounts and groups are not created with the correct case and the
rights that should be given.
The SAP R3SETUP program and the SAPINST program were designed to run on
Windows NT4 and Windows 2000 servers. They were not designed to take advantage
of Active Directory delegation tools like Organizational Units [1]. This is why
SAP AG does not recommend installing SAP servers in the organizational unit (OU)
of a domain [2].
As we can see, these two methods do not benefit from Active Directory and
usually mean that customers find it necessary to create dedicated SAP domains.

[1] The R3SETUP and SAPINST programs create the user accounts and groups needed
for SAP system installation using Windows NT 4.0 commands. These objects are
created in the default container called “Users”. This container does not accept
rights delegation, and because SAP does not use LDAP commands to create these
objects, it is not possible to create them automatically in a specific OU.

[2] This recommendation can be found in OSS Note 169468, available at the end of
this document.

Windows Server 2003 White Paper

RECOMMENDED SOLUTION

The main purpose of Active Directory is to simplify the domain architecture by
reducing the number of domains to be deployed. This means creating bigger
domains, which also reduces replication traffic and makes it possible to
delegate administrative tasks such as account creation to people who are not
Domain Administrators. This delegation is performed using Organizational Unit
containers.
As seen earlier, the SAP installation programs cannot take advantage of OUs.
However, it is possible to delegate the rights to create new user accounts, new
groups and new computer accounts to a group of people (let’s call it the “SAP
Installation Group”) without giving them full Domain Administrator rights.
With this delegation, the group can manually create all users and groups
required to install an SAP system without requesting help from a Domain
Administrator. Moreover, the group can pre-create computer accounts in this OU,
so its members can add new servers to the domain. All the servers will be in
the same OU. Because the OU is dedicated to SAP, the configuration of these
servers can be enforced using GPOs.
After a server is added to the domain, the SAP Installation Group can be added,
manually or automatically (using a GPO), to the local Administrators group of
the server. Once the SAP user accounts and groups have been created in this
way, members of the “SAP Installation Group” can start the R3SETUP or SAPINST
program to install an SAP central instance, an SAP Application Server or
anything else.

PREDICTED BENEFITS

With this method, customers can deploy an Active Directory forest with fewer
domains, which makes the forest easier to administer. It also becomes easier to
implement the Kerberos Single Sign On mechanism, synchronize SAP HR with Active
Directory, and so on.
SAP Administrators will have total autonomy to perform their usual tasks and
deployments. It will not be necessary to give them Domain Administrator rights,
which eliminates a possible security issue. This means SAP Administrators will
be more efficient, and Domain Administrators will not be disturbed by low-value
tasks like SAP user account and group management.
SAP Administrators will not need to manage their own dedicated domain (because
there will be no dedicated SAP domain). They can transfer this task to Domain
Administrators.
The customers will be able to reduce the number of servers deployed:
    •   No dedicated Domain Controllers for an SAP domain,
    •   Easier sharing of print servers, messaging servers, backup servers
        and so on.
In conclusion, this method of deployment reduces direct and indirect IT system
costs and offers an easier way to deploy new functionality that customers can
see as business value.

TECHNICAL DETAILS

The following chapters explain in detail the method used to deploy SAP systems
without Domain Administrator rights.


1. Schema update
A schema update of the forest is required to publish SAP services in Active
Directory. Publishing SAP services allows SAP administrators to use the SAP
MMC snap-in more efficiently.
This schema extension is provided by SAP. It adds a few objects and attributes,
but none of these attributes are published to the forest Global Catalog.
Therefore, there is no impact on Active Directory replication traffic.
The schema update can only be performed by administrators who hold Schema
Administrator rights. This means the schema update will not be made by SAP
Administrators. Fortunately, this update has to be done only once per Active
Directory forest.
The easiest way to extend Active Directory for SAP is to use the R3SETUP
program delivered with an SAP 4.6d or 6.10 kernel. Once the R3SETUP program
has been installed, a Schema Administrator can extend the Active Directory
schema using the shortcut “Configure Active Directory for SAP”.


2. Rights delegation
Rights delegation is required to give the SAP Administrators the maximum
autonomy necessary to perform their usual functions. It has to be performed by
a Domain Administrator of the domain where the SAP servers are installed. This
task must be done for each domain where SAP servers are installed, but only
once per domain.
The delegation is performed as follows:
    •    The Domain Administrator starts the MMC snap-in “Active Directory
         Users and Computers”.
    •    Connect this MMC to the domain where the SAP servers of a system
         are to be added.
    •    Use this MMC to create a group for the user accounts of all people
         designated as SAP Administrators.
    •    Use this MMC to create an Organizational Unit dedicated to SAP servers
         and call it “SAP”, for example.
    •    Use the Delegation Wizard on the SAP OU to give the SAP Administrators
         group, at least, the right to create, delete and change user
         accounts, computer accounts and groups. More rights can be delegated
         if you want to allow SAP Administrators to manage Group Policy
         Objects on this OU.
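
The delegation steps above can also be scripted and then read back to confirm that the group received nothing broader than the three object classes. This is an added example, not part of the white paper or of SAP's tooling; it assumes the ActiveDirectory PowerShell module and dsacls.exe, and the domain, NetBIOS name, group name and group location are placeholders.

```powershell
# Added example (not from the white paper). Run as a Domain Administrator.
# Requires the ActiveDirectory module (RSAT) and dsacls.exe.
Import-Module ActiveDirectory

# --- Assumed placeholder values: replace with your own ---
$DomainDn  = 'DC=corp,DC=example,DC=com'
$NetBios   = 'CORP'
$OuName    = 'SAP'
$GroupName = 'SAP Administrators'
# The group is kept OUTSIDE the SAP OU on purpose: the delegation below grants
# full control over group objects inside that OU, so a group stored there
# could have its membership changed by its own members.
$GroupPath = "OU=Admin Groups,$DomainDn"

$OuDn    = "OU=$OuName,$DomainDn"
$Trustee = "$NetBios\$GroupName"

# 1. Create the OU and the administrators group if they do not exist yet.
if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$OuName)" `
            -SearchBase $DomainDn -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDn
}
if (-not (Get-ADGroup -LDAPFilter "(sAMAccountName=$GroupName)")) {
    New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope Global -GroupCategory Security -Path $GroupPath
}

# 2. Delegate create / delete / change for users, groups and computers only.
foreach ($class in 'user', 'group', 'computer') {
    # CC + DC: create and delete child objects of this class in the OU tree.
    dsacls $OuDn /I:T /G "${Trustee}:CCDC;$class" | Out-Null
    # GA on descendant objects of this class: change existing objects.
    dsacls $OuDn /I:S /G "${Trustee}:GA;;$class" | Out-Null
}

# 3. Read the ACL back and flag any entry for the group that is not scoped
#    to one of the three classes (schemaIDGUIDs of the standard AD classes).
$allowed = @{
    'bf967aba-0de6-11d0-a285-00aa003049e2' = 'user'
    'bf967a9c-0de6-11d0-a285-00aa003049e2' = 'group'
    'bf967a86-0de6-11d0-a285-00aa003049e2' = 'computer'
}
$aces = (Get-Acl -Path "AD:\$OuDn").Access |
    Where-Object { $_.IdentityReference.Value -eq $Trustee }

$report = foreach ($ace in $aces) {
    # An ACE is class-scoped through ObjectType (create/delete child) or
    # through InheritedObjectType (rights on descendant objects).
    $class = @("$($ace.ObjectType)", "$($ace.InheritedObjectType)") |
        Where-Object { $allowed.ContainsKey($_) } |
        ForEach-Object { $allowed[$_] } |
        Select-Object -First 1
    [pscustomobject]@{
        Rights     = $ace.ActiveDirectoryRights
        Class      = if ($class) { $class } else { 'ALL OBJECT CLASSES' }
        Type       = $ace.AccessControlType
        Inherited  = $ace.IsInherited
        Unexpected = -not $class
    }
}
$report | Format-Table -AutoSize

if ($report | Where-Object Unexpected) {
    Write-Warning "Group '$Trustee' holds rights on $OuDn beyond user/group/computer objects."
}
```

Re-running step 3 on its own later is a quick way to detect drift, for example after Group Policy rights are added to the delegation.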


3. Preparing the installation
At this point, the SAP Administrators have all the rights needed to install an
SAP system. However, they need to do some preparation before installing SAP.


USERS’ ACCOUNT AND GROUPS
Each SAP system must have a service user account and two groups. After the
rights delegation, an SAP administrator can create this account and these
groups using the MMC snap-in “Active Directory Users and Computers”. The account
and groups are created in the dedicated SAP OU (SAP Administrators should not
be able to create them elsewhere).
The procedure is as follows:


    I.   Creating the New Group
To create the SAP_<SAPSID>_GlobalAdmin group:
    1. Log on as SAP administrator.
    2.   To start the Active Directory Users and Computers Console, choose:
         Start → Programs → Administrative Tools → Active Directory Users
         and Computers
         If you cannot find Active Directory Users and Computers, start as
         follows:
             a.   Choose Start → Run and enter mmc.
             b.   Choose Console → Add/Remove Snap-in... and choose Add.
             c.   Choose Active Directory Users and Computers.
             d.   Select Add.
             e.   When finished, select Close and then OK.
    3.   On the left tree, right-click on the SAP OU and choose:
         New → Group
    4.   Enter the following:
         Group name: SAP_<SAPSID>_GlobalAdmin
         Group name (pre-Windows 2000): SAP_<SAPSID>_GlobalAdmin
    5.   Select the following:
         Group scope: Global
         Group type: Security
    6.   Press OK.


   II. Creating the New Users

To create the SAP system User <sapsid>adm and SAPService<SAPSID>
proceed as follows:
   1.   In the Active Directory Users and Computers Console right-click on the
        SAP OU on the left tree and choose:
        New → User
   2. Enter the following:
    Field name            Entry for                  Entry for
                          <sapsid>adm                SAPService<SAPSID>
    First name            None                       None
    Initials              None                       None
    Last name             None                       None
    Full name             <sapsid>adm                SAPService<SAPSID>
    User logon name       <sapsid>adm                SAPService<SAPSID>


Enter the <sapsid>adm and SAPService<SAPSID> user as specified,
respecting upper and lower case syntax.
   3.   Choose Next and enter the following:
        Password: <password>
        Confirm password: <password>
   4.   Select Password never expires.
        Make sure that no other option is selected
   5.   Choose Next and then Finish.


   III. Adding the <sapsid>adm User account to the
   SAP_<SAPSID>_GlobalAdmin Group

   1.   In the SAP OU select the newly created user account in the list on the
        right hand and double-click it.
   2.   Select the “Member of” tab.
   3.   Choose Add.
   4.   Select the new SAP_<SAPSID>_GlobalAdmin group and choose Add
        to add it to the list at the bottom.
        By default, the user is also a member of the Domain Users group.
   5.   Click OK twice.




   IV. Adding the SAPService<SAPSID> User account to the
   SAP_<SAPSID>_GlobalAdmin Group

   1.   In the SAP OU, select the newly created user account
        SAPService<SAPSID> in the list on the right and double-click it.
   2.   Select the “Member of” tab.
   3.   Choose Add.
   4.   Select the new SAP_<SAPSID>_GlobalAdmin group and choose Add
        to add it to the list at the bottom.
   5.   Choose OK.
        The SAPService<SAPSID> user account must not be a member of the
        Domain Users group.
        To remove this group from the “Member of” list:
                i. Select the SAP_<SAPSID>_GlobalAdmin group and choose
                Set Primary Group.
                ii. Select the Domain Users group and choose Remove to
                delete it from the “Member of” list.
   6.   Choose OK to close the SAPService<SAPSID> Properties dialog box.
   7.   Close the Active Directory Users and Computers Management
        Console.
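
Steps I to IV above, scripted and followed by a read-back of the properties the procedure insists on (exact case of the names, primary group, no Domain Users membership). This is an added example, not part of the white paper or of SAP's tooling; it assumes the ActiveDirectory PowerShell module, that `<sapsid>` means the lower-case system ID, and placeholder values for the SAP system ID, OU and UPN suffix.

```powershell
# Added example (not from the white paper). Run as a member of the delegated
# SAP Administrators group. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# --- Assumed placeholder values: replace with your own ---
$SapSid    = 'PRD'                                   # SAP system ID
$OuDn      = 'OU=SAP,DC=corp,DC=example,DC=com'      # dedicated SAP OU
$UpnSuffix = 'corp.example.com'

# Names as written in the procedure, respecting upper and lower case.
$Group = "SAP_${SapSid}_GlobalAdmin"
$Adm   = $SapSid.ToLower() + 'adm'                   # <sapsid>adm
$Svc   = "SAPService$SapSid"                         # SAPService<SAPSID>

# I. Global security group in the SAP OU.
New-ADGroup -Name $Group -SamAccountName $Group `
    -GroupScope Global -GroupCategory Security -Path $OuDn

# II. Both users: only "Password never expires" is set, no other option.
foreach ($name in $Adm, $Svc) {
    $password = Read-Host -AsSecureString -Prompt "Password for $name"
    New-ADUser -Name $name -DisplayName $name -SamAccountName $name `
        -UserPrincipalName "$name@$UpnSuffix" -Path $OuDn `
        -AccountPassword $password -PasswordNeverExpires $true -Enabled $true
}

# III. and IV. Add both accounts to the group.
Add-ADGroupMember -Identity $Group -Members $Adm, $Svc

# IV.5 The service account must not stay in Domain Users. Domain Users is its
# primary group, so the primary group is switched first, then it is removed.
$token = (Get-ADGroup -Identity $Group -Properties primaryGroupToken).primaryGroupToken
Set-ADUser -Identity $Svc -Replace @{ primaryGroupID = $token }

# Domain Users is addressed by its well-known RID 513, not by its display name.
$domainUsersSid = "$((Get-ADDomain).DomainSID.Value)-513"
Remove-ADGroupMember -Identity $domainUsersSid -Members $Svc -Confirm:$false

# Read back what the SAP installer depends on.
$groupDn       = (Get-ADGroup -Identity $Group).DistinguishedName
$domainUsersDn = (Get-ADGroup -Identity $domainUsersSid).DistinguishedName
$admUser = Get-ADUser -Identity $Adm -Properties MemberOf
$svcUser = Get-ADUser -Identity $Svc -Properties MemberOf, PrimaryGroup

$checks = [ordered]@{
    'adm name has exact case'         = $admUser.SamAccountName -ceq $Adm
    'service name has exact case'     = $svcUser.SamAccountName -ceq $Svc
    'adm is member of SAP group'      = $admUser.MemberOf -contains $groupDn
    'service primary group is SAP'    = $svcUser.PrimaryGroup -eq $groupDn
    'service not in Domain Users'     = $svcUser.MemberOf -notcontains $domainUsersDn
    'both accounts live in SAP OU'    = ($admUser.DistinguishedName -like "*,$OuDn") -and
                                        ($svcUser.DistinguishedName -like "*,$OuDn")
}
$checks.GetEnumerator() | Format-Table Name, Value -AutoSize

if ($checks.Values -contains $false) {
    Write-Warning 'At least one account or group does not match the required layout.'
}
```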


COMPUTERS’ ACCOUNTS AND OPERATING SYSTEM INSTALLATION
Before installing SAP, SAP Administrators need to have servers ready for the
installation. This means adding dedicated SAP servers with the operating
system installed and joined to the domain.
If the customer has developed an unattended or manual installation process for
the operating system, the server installation can be done by an SAP
Administrator.
The SAP Administrator only needs to pre-create the servers’ accounts using the
MMC snap-in “Active Directory Users and Computers”. The procedure is as
follows:
   1.   Log on as SAP administrator.
   2.   To start the Active Directory Users and Computers Console, choose:
        Start → Programs → Administrative Tools → Active Directory Users
        and Computers
        If you cannot find Active Directory Users and Computers, start it as
        follows:
             a.   Choose Start → Run and enter mmc.
             b.   Choose Console → Add/Remove Snap-in... and choose Add.
             c.   Choose Active Directory Users and Computers.
             d.   Select Add.
             e.   When finished, select Close and then OK.
   3.   In the tree on the left, right-click on the SAP OU and choose:
        New → Computer
   4.   Enter a computer name, click Next twice and then Finish.
The SAP Administrator has to do this operation for each server. The SAP
Administrator can then run the unattended installation of the operating system
on each server. This installation procedure can automatically add the server to
the domain if the name used for the server corresponds to one of the newly
created computer accounts.


4. SAP system installation
At this point, everything is ready to follow the normal installation procedure
for SAP systems given by SAP AG. This installation procedure depends on the
version of the SAP R/3 kernel to deploy. Please follow the instructions given
by SAP in the Installation Guide corresponding to the version of SAP R/3 you
want to install.

CONCLUSION

Since the first draft of this white paper, multiple customers have deployed their SAP
systems using this methodology.

SAP itself has tested it and has written an OSS note describing briefly how to proceed
manually. The OSS note is referenced as “OSS Note 711319 – Domain
Installation using delegation of administration in AD”.

REFERENCES

SAP OSS Note 169468 – Version 43 – Windows 2000 Support


(see http://service.sap.com/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700007554442001)



Symptom




Availability of Windows 2000 Server

Depending on the SAP Release and the database version, some special features for
Windows 2000 have to be observed for a new installation or an operating system upgrade.

Release of databases for Windows 2000

Information about the release of databases, database versions and SAP releases for
Windows 2000 can be found in the SAP Service Marketplace:

http://service.sap.com/platforms



For SAP 3x releases, there are only special releases that must be specially ordered by
customers. Kernel 3.1I is required for the upgrade.



For Oracle, no special release is required, but the 3.1I_COM CD has to be used.



The following information is valid for:


        Windows 2000 Server

        Windows 2000 Advanced Server

        Windows 2000 Data Center Server



Additional key words


    Windows 2000




Cause and preconditions



Solution

In the following, you will find a short summary of the special features to be observed on
Windows 2000. Important general notes on the SAP new installation and the operating
system upgrade can be found.


For information on the operating system upgrade within the scope of a SAP system upgrade
to release 4.0B, 4.5B, 4.6B or later, refer to Note 179274.



This Note is subdivided into the following sections:


        a) General
         Contains information on the SAP new installation on Windows 2000 and on the
         operating system upgrade.

        b) SAP new installation
         Contains information on the new installation of a 4.0B, 4.5B, 4.6B or later SAP
         system.

        c) Operating system upgrade
         Contains notes for the upgrade of the operating system of an existing SAP
         system.

        d) Additional information
         Contains further information relevant for Windows 2000. In particular, important
         aspects of the SAP domain under Windows 2000 are described.



a) General

Note the following points when you install a SAP system under Windows 2000 or upgrade
an operating system:


        Language versions
         For SAP Server, only the "International English" language version of Windows
         2000 is supported. If you want to use another language for the user interface,
         you can install the so-called "Multilanguage User Interface" kit (MUI). For
         information on the installation and usage of MUI, please refer to Note 362379.

        Windows 2000 Advanced Server Cluster Support (MSCS)
         You can use the Cluster Service from Windows 2000 for databases and SAP
         releases which have been released for Windows 2000. However, you need to
         import either Windows 2000 Service Pack 1 and two additional Microsoft
         Hotfixes (Q257577 and Q265017), or Windows 2000 Service Pack 2 and one
         additional Hotfix (Q265017).

         For further information see Notes 30478 and 144310.




       ADSI and MMC
        These components already exist in Windows 2000 and must not be installed
        from the kernel CD.

       Terminal Server Service
        On the R/3 application server, terminal services can be used for the server
        administration in 'remote administration mode' (just as with pcAnywhere). Only
        known exception:
        Console messages (for example during the DB installation) are not displayed.
        Using terminal services in 'Application server mode' on an R/3 Server must be
        avoided at all costs. The additional load negatively affects the system
        performance.

       DB software installation
        The database software installation may not function with a Terminal Server
        Session (affects Microsoft SQL Server). The software can be installed with
        PcAnywhere or locally on the console of the respective computer.
        Enter the following command prior to the installation at the command prompt:
             Change user /install
        After the installation enter the following command:
             change user /execute

       SAP DB only: DLL pcr62md.dll.
        SAP DB Version 6.2 requires an additional DLL on Windows 2000.
        The required DLL, pcr62md.dll, is stored in the SAP Service Marketplace.

       pcAnywhere
        For Windows 2000 use pcAnywhere Version 9.01 or higher only.

       Temp variables
        After the SAP installation or after the operating system upgrade, check the
        TEMP and TMP variables of the <sid>adm user. In Windows 2000, you may
        obtain invalid or unfavorable values. A short and user-independent path such
        as "c:\temp" is best suited for SAP.




b) SAP reinstallation


The procedure of a new installation of the SAP system depends on the release.

Release 4.6B and later releases and 4.0B COM

       As of release 4.6B, the SAP releases that are released for Windows NT are
        fully compatible with Windows 2000. No special actions are necessary. Follow
        the instruction for a standard SAP installation in the implementation guide "R/3
        installation on Windows NT".
        The same applies to R/3 4.0B COM.

Release 4.5B

       DLLs
        Prior to the beginning of the installation import the current version of the
        Dynamic Link Libraries R3DLLINS for Windows 2000. To do this, unpack
        R3DLLINS.car for your platform from the attachment to Note 65878. Then
        execute file R3DLLINS.EXE manually.

       R3SETUP Tool
        Use the R3SETUP version that is stored for Windows 2000 in the SAP Service
        Marketplace. For this purpose, download file R3SETUP_<Patch-Level>.CAR.

       Kernel exchange
        After the installation with R3SETUP replace the R/3 kernel. If you do not
        replace it you will get error "SICK" after the first log-on attempt after the start.
        Download the following two patches from the SAP Service Marketplace
        (www.service.sap.com/patches) and unpack them to directory \usr\sap\exe:
          dw1_<patch-level>
          dw2-<Patch-level>
          Use at least patch level 186.

       SAPOSCOL
        Use the current saposcol version. This version supports the changed
        performance counter of Windows 2000 to determine values for ST06 and RZ20.
        The latest version is stored in file saposcol_<Patch Level>.CAR in the SAP
        Service Marketplace.



c) Operating system upgrade

If you upgrade an existing SAP system to Windows 2000 perform the following actions
described in section "SAP new installation":


       Install the latest R3DLLINS version.

       Replace the R/3 kernel.

       Use the latest saposcol version.

       Only SAP DB: See Note 315237.



d) Additional information

       Compatibility of the hardware with Windows 2000
        The upgrade to Windows 2000 may be carried out only if the hardware has
        been explicitly released for this purpose. This can be checked in one of the
        following ways:

                If the Windows 2000 CD is available, compatibility can be checked
                 using program WINNT32.EXE in the I386 directory. The exact
                 statement is: <DRIVE:>\I386\WINNT32 /CHECKUPGRADEONLY. The
                 result is stored as text file WINNT32.LOC in the present Windows
                 directory (e.g. C:\WINNT).

                The hardware has successfully passed SAP hardware certification
                 (www.addon.de/fcert)

                The hardware is contained in the Microsoft Hardware Compatibility
                 List (www.microsoft.com/hcl).




                The hardware has been released for Windows 2000 by the
                 manufacturer. This information is published on the corresponding
                 website.

   Kerberos Single Sign-On
    When the SAP system is installed on Windows 2000 you can set up the Kerberos
    Single Sign-On. If you use the Kerberos protocol the information exchanged
    between the SAP front-end and the application server for authentication is
    encrypted.
    The procedure for setting up Single Sign-On is described in all recent
    installation guides. You can, for example, download the installation guide
    4.6C SR 2 from the SAPNet, alias "Instguides".

   Terminal Service
    All kernel objects (Shared Memory, Semaphores, Events...) can be used for
    operation with "Terminal Service". External error analysis programs (dpmon..)
    also support the "Terminal Service" by Windows 2000, that is an R/3 system in
    a Terminal session can be monitored.

   Using more than 4GB RAM
    Zero Administration Memory Management from SAP (see Note 88416)
    automatically supports main memory larger than 4GB under Windows. SAP
    however does not use the AWE (Address Windowing Extension) API from
    Windows 2000. However, an SAP instance consists of several work processes.
    Each work process can use its own physical storage up to 2GB (or 3GB) in its
    virtual address space.

   SAP domain under Windows 2000
    Follow the instructions of the Windows documentation for the migration of a NT
    4 domain to Windows 2000. For the SAP environment some additional points
    need to be observed.

    For NT 4 there are two models for the SAP system domain:
        -   the single domain and
        -   the additional domain.

           Single domain
            All users and the SAP system build one single domain. This domain
            can be migrated to Windows 2000 and exist there as single domain.

           Additional domain
            Here, there is one domain for the users and a second domain for the
            SAP system(s). For a migration to Windows 2000 the SAP system
            domain has to be created as child domain under the user domain. A
            "Top-down" procedure is to be used. The higher domain (the user
            domain) must be migrated prior to the SAP child domain. If the user and
            SAP domain is part of a larger domain structure the complete domain
            structure for Windows 2000 needs to be planned in a preparing phase.
            Usually, the structure created under NT 4 has to be re-arranged and
            consolidated.

            The name space of the root domain and all subordinated domains has
            to be defined and the distribution of the DNS services needs to be
            determined.
            Here, note the following:
                 -   The SAP domain has to be created as child domain.




                 -   The SAP domain must not be converted into an organizational
                     unit (OU). OUs are not supported by R3SETUP and R3up.




                      Windows Server 2003 White Paper   14

W2 k3 ad_integration-how_to

  • 1. June 2004 Enabling Enterprise Identity Management with SAP and Active Directory Abstract Customers that are using SAP integration in Active Directory infrastructures can benefit from multiple functionalities such as Single Sign On, HR module synchronization etc. SAP AG describes two methods for installing SAP systems on servers that are part of a domain. This document describes a third method allowing you to install SAP systems like a domain administra- tor but without all the administrator rights.
  • 2. The information contained in this document represents the current view of Microsoft Corpo- ration on the issues discussed as of the date of publication. Because Microsoft must re- spond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information pre- sented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRAN- TIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limi- ting the rights under copyright, no part of this document may be reproduced, stored in or in- troduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as ex- pressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copy- rights, or other intellectual property. © 2004 Microsoft Corporation. All rights reserved. Microsoft, Win32, Active Directory, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
  • 3. CONTENTS INTRODUCTION...................................................................................... 1 Recommended Solution........................................................................ 2 Predicted Benefits.................................................................................. 2 Technical Details.................................................................................... 3 1. Schema update........................................................................................3 2. Rights delegation.....................................................................................3 3. Preparing the installation.........................................................................4 Users’ account and groups..........................................................................4 Computers’ accounts and operating system installation............................7 4. SAP system installation...........................................................................8 Conclusion.............................................................................................. 8 References.............................................................................................. 8 SAP OSS Note 169468 – Version 43 – Windows 2000 Support.................8
  • 4. INTRODUCTION More and more customers are asking to use the same Active Directory domain infrastructure to manage user environment and SAP systems. The benefits of this integration are mainly using new functionalities like Kerberos Single Sign On, HR module synchronization with Active Directory more easily, and also easier administration of SAP systems using the SAP MMC snap-in, etc. Other reasons for doing this type of integration are to reduce costs of operating the IT system. These cost reductions can be realized by focusing each admini- strator population on their main technology (SAP Administrators manage SAP software, Operating System Administrators manage all the operating system, Active Directory Administrators manage users rights and delegations, and so on) and defining an infrastructure easier to administer on their perimeter for each group of administrators. These types of integration increase the business value of each product; SAP and Active Directory. SAP AG provides two methods of installing an SAP system on servers that are members of a domain. These methods are described in the “SAP R/3 Enter- prise on Windows Installation Guides”. The first method is dedicated to Domain Administrators. This method is the easiest to follow because all users’ accounts and groups necessary for SAP are automatically created in the domain by the R3SETUP or SAPINST program. But this method requires giving the Domain Administrators rights to people who must install the SAP system. This could be considered as a security issue, this is one reason why SAP recommends installing SAP systems in their own Win- dows Domain. The second method is dedicated to SAP Administrators that are not Domain Administrators. This method is a little bit more difficult because a Domain Admi- nistrator must create the users’ accounts and groups required to install SAP manually before starting the R3SETUP program. 
In this method, the SAP admi- nistrators will need to synchronize the deployment of the SAP system with ope- rations made by the Domain Administrator. The Domain Administrator will need to create user accounts and groups manually respecting exactly the guidelines provided in the “SAP Installation Guide”. The installation of an SAP system will be blocked if this creation of users’ accounts and groups is not done in re- specting the case and the rights that should be given. The SAP R3SETUP program and the SAPINST program have been designed to run on Windows NT4 and Windows 2000 servers. These programs have not been designed to take advantage of Active Directory delegation tools like Orga- nizational Units1. This is why SAP AG does not recommend installing SAP ser- 1 The R3SETUP and SAPINST programs create users’ accounts and groups needed for SAP system installation using the Windows NT 4.0 commands. These objects will be created in the default container called “Users”. This container doesn’t accept right delegation and because SAP doesn’t use ldap commands to create these objects, it’s not possible to automatically create these objects in a specific OU. Windows Server 2003 White Paper 1
  • 5. PREDICTED RECOMMENDED BENEFITS SOLUTION vers in the organizational unit (OU) of a domain.2 As we can see, these two methods do not benefits from Active Directory and usually imply that customers could find necessary to create dedicated SAP do- mains. The main purpose of Active Directory is to simplify the Domain architecture by reducing the number of domains to be deployed. This is a means of doing way of creating bigger domains, also reducing the replication traffic and providing the possibility of delegating administrative tasks such as accounts creation to people that are not Domain Administrators. This delegation is performed using the Organization Units containers. As seen earlier, the SAP installation programs are unable to take benefits from OU. But it is possible to delegate rights of creating new users’ accounts, new groups and new computers accounts to a group of people (let’s call it the “SAP Installation Group”) without giving them all Domain Administrators Rights. Doing this delegation, this group will be able to create manually all users and groups required to install an SAP system without requesting help from a Do- main Administrator. Moreover, this group will be able to pre-create computer accounts in this OU. So, they will be able to add new servers to the domain. All the servers will be in the same OU. It is possible to force the customizing of these servers using GPOs with an SAP dedicated OU. After adding the server to the domain, the SAP Installation Group can be ad- ded, manually or automatically (using GPO), to the local Administrators group of the server. After creating SAP user accounts and groups in this way, users who are members of the “SAP Installation Group” will be able to start the R3SETUP or SAPINST program to install an SAP central instance, an SAP Application Server or anything else. With this method, customers can deploy an Active Directory forest with fewer domains. This means the forest will be easier to administer. 
It will be easier to implement the Kerberos Single Sign On mechanism or synchronize SAP HR with Active Directory and so on… SAP Administrators will have the total autonomy to do their usual tasks and deployment. It will not necessary to give them Domain Administrators rights there by eliminating possible become a security issue. This means SAP Admi- nistrators will be more efficient and Domain Administrators will not be disturbed by non-valuable tasks like SAP user accounts and group management. SAP Administrators will not need to manage their dedicated domain (because there will be no dedicated SAP domain). They can transfer this task to Domain Administrators. 2 This recommendation can be found in the OSS Note 169468 available at the end of this document. Windows Server 2003 White Paper 2
  • 6. TECHNICAL DETAILS The customers will be able to reduce the number of servers deployed: • No dedicated Domain Controllers for SAP Domain, • Easier sharing of printing servers, messaging servers, backup servers and so on. In conclusion, this method of deployment is a way to reduce direct and indirect IT systems costs and proposes an easier way to deploy new functionalities that can be seen as business values for customers. The following chapters explain in detail the method used to deploy SAP syst- ems without Domain Administrator rights. 1. Schema update A schema update of the forest is required to be able to publish SAP services in Active Directory. This publishing of SAP Services allows SAP administrators to use the SAP MMC snap-in more efficiency. This schema extension is provided by SAP. This adds few objects and attri- butes but none of these attributes are published to the forest Global Catalog. Therefore, there is no impact on the Active Directory replication traffic. This schema update can only be performed by administrators that own the Schema Administrators rights. This means the schema update will not be made by SAP Administrators. Fortunately, this upgrade has to be done only once by Active Directory Forests. The easiest way to extend the Active Directory for SAP is to use the R3SETUP program delivered with an SAP 4.6d or 6.10 Kernel. One the R3SETUP pro- gram has been installed, a Schema Administrator will be able to extend the Active Directory schema using the shortcut “Configure Active Directory for SAP”. 2. Rights delegation Rights delegation is required in order to give the SAP Administrators maximum autonomy necessary to perform their usual function. This has to be performed by a Domain Administrator of the domain where SAP servers are installed. This task must be done for each domain where SAP servers are installed but it is only done once for each domain. 
This delegation is performed doing as follows: • The Domain Administrator will start the MMC snap-in “Active Directory Users and Computers”. Windows Server 2003 White Paper 3
  • 7. Connect this MMC to the domain where SAP servers from a system are be added • Use this MMC to create a group for all users accounts of people de- signated as SAP Administrators. • Use this MMC to create an Organizational Unite dedicated to SAP ser- vers and call it “SAP”, for example. • Use the delegation Wizard on the SAP OU to give the SAP Administra- tors Group, at least, the right of creating, deleting and changing: Users’ accounts, Computers’ accounts and Groups. More rights could be dele- gated if you desire to allow SAP Administrators to manage Group Poli- cy Objects on this OU. 3. Preparing the installation At this time, the SAP Administrators have all rights needed to install an SAP system. However, they will need to do some preparation before installing SAP. USERS’ ACCOUNT AND GROUPS Each SAP system must have a service user account and two groups. After the Right delegation, an SAP administrator can create these account and groups using the MMC snap-in “Active Directory Users and Computers”. This account and groups will be created in the SAP dedicated OU (SAP Administrators should not be able to create it elsewhere). The procedure will be as follow: I. Creating the New Group To create the SAP_<SAPSID>_GlobalAdmin group: 1. Log on as SAP administrator. 2. To start the Active Directory Users and Computers Console, choose: Start → Programs → Administrative Tools → Active Directory Users and Computers If you cannot find Active Directory Users and Computers, start as follows: a. Choose Start → Run and enter mmc. b. Choose Console → Add/Remove Snap-in... and choose Add. c. Choose Active Directory Users and Computers. d. Select Add. e. When finished, select Close and then OK. 3. On the left tree, right-click on the SAP OU and choose: New → Group Windows Server 2003 White Paper 4
4. Enter the following:
   Group name: SAP_<SAPSID>_GlobalAdmin
   Group name (pre-Windows 2000): SAP_<SAPSID>_GlobalAdmin
5. Select the following:
   Group scope: Global
   Group type: Security
6. Press OK.

II. Creating the New Users

To create the SAP system users <sapsid>adm and SAPService<SAPSID>, proceed as follows:

1. In the Active Directory Users and Computers Console, right-click on the SAP OU on the left tree and choose:
   New → User
2. Enter the following:

   Field name         Entry for <sapsid>adm    Entry for SAPService<SAPSID>
   First name         None                     None
   Initials           None                     None
   Last name          None                     None
   Full name          <sapsid>adm              SAPService<SAPSID>
   User logon name    <sapsid>adm              SAPService<SAPSID>

   Enter the <sapsid>adm and SAPService<SAPSID> user as specified, respecting upper and lower case syntax.
3. Choose Next and enter the following:
   Password: <password>
   Confirm password: <password>
4. Select Password never expires. Make sure that no other option is selected.
5. Choose Next and then Finish.

III. Adding the <sapsid>adm User account to the SAP_<SAPSID>_GlobalAdmin Group

1. In the SAP OU, select the newly created user account in the list on the right and double-click it.
2. Select the “Member of” tab.
3. Choose Add.
4. Select the new SAP_<SAPSID>_GlobalAdmin group and choose Add to add it to the list at the bottom. By default, the user is also a member of the Domain Users group.
5. Click OK twice.

IV. Adding the SAPService<SAPSID> User account to the SAP_<SAPSID>_GlobalAdmin Group

1. In the SAP OU, select the newly created user account SAPService<SAPSID> in the list on the right and double-click it.
2. Select the “Member of” tab.
3. Choose Add.
4. Select the new SAP_<SAPSID>_GlobalAdmin group and choose Add to add it to the list at the bottom.
5. Choose OK.
   The SAPService<SAPSID> user account must not be a member of the Domain Users group. To remove this group from the “Member of” list:
   i. Select the SAP_<SAPSID>_GlobalAdmin group and choose Set Primary Group.
   ii. Select the Domain Users group and choose Remove to delete it from the “Member of” list.
6. Choose OK to close the SAPService<SAPSID> Properties dialog box.
7. Close the Active Directory Users and Computers Management Console.

COMPUTERS’ ACCOUNTS AND OPERATING SYSTEM INSTALLATION

Before installing SAP, SAP Administrators will need to have servers ready for the installation. This means adding some SAP dedicated servers with operating systems installed and joined to the domain.

If the customer has developed an unattended or manual installation process of the operating system, the server installation can be done by an SAP Administrator. The SAP Administrator will only need to pre-create the servers’ accounts using the MMC snap-in “Active Directory Users and Computers”. The procedure is as follows:

1. Log on as SAP administrator.
2. To start the Active Directory Users and Computers Console, choose:
   Start → Programs → Administrative Tools → Active Directory Users and Computers
   If you cannot find Active Directory Users and Computers, start it as follows:
   a. Choose Start → Run and enter mmc.
   b. Choose Console → Add/Remove Snap-in... and choose Add.
   c. Choose Active Directory Users and Computers.
   d. Select Add.
   e. When finished, select Close and then OK.
3. In the tree on the left, right-click on the SAP OU and choose:
   New → Computer
4. Enter a computer name, click Next twice and then Finish.

The SAP Administrator will have to do this operation for each server. Then, the SAP Administrator will be able to run the unattended installation of the operating system on each server. This installation procedure can automatically add the server to the domain if the name used for the server corresponds to one of the newly created computer accounts.

4. SAP system installation

At this point, everything is ready to follow the normal installation procedure for SAP systems given by SAP AG. This installation procedure depends on the version of the SAP R/3 kernel to deploy. Please follow the instructions given by SAP in the Installation Guide corresponding to the version of SAP R/3 you want to install.

CONCLUSION

Since the first draft of this white paper, multiple customers have deployed their SAP systems using this methodology.

SAP itself has tested it and has written an OSS note briefly describing how to proceed manually. The OSS note is referenced as “OSS Note 711319 – Domain Installation using delegation of administration in AD”.

REFERENCES

SAP OSS Note 169468 – Version 43 – Windows 2000 Support
(see http://service.sap.com/~form/sapnet?_FRAME=CONTAINER&_OBJECT=011000358700007554442001)

Symptom
Availability of Windows 2000 Server

Depending on the SAP Release and the database version, some special features for Windows 2000 have to be observed for a new installation or an operating system upgrade.

Release of databases for Windows 2000

Information about the release of databases, database versions and SAP releases for Windows 2000 can be found in the SAP Service Marketplace: http://service.sap.com/platforms

For SAP 3x releases, there are only special releases that must be specially ordered by customers. Kernel 3.1I is required for the upgrade. For Oracle, no special release is required, but the 3.1I_COM CD has to be used.

The following information is valid for:
• Windows 2000 Server
• Windows 2000 Advanced Server
• Windows 2000 Data Center Server

Additional key words

Windows 2000

Cause and preconditions

Solution

In the following, you will find a short summary of the special features to be observed on Windows 2000. Important general notes on the SAP new installation and the operating system upgrade can be found.

For information on the operating system upgrade within the scope of a SAP system upgrade to release 4.0B, 4.5B, 4.6B or later, refer to Note 179274.

This Note is subdivided into the following sections:
• a) General
  Contains information on the SAP new installation on Windows 2000 and on the operating system upgrade.
• b) SAP new installation
  Contains information on the new installation of a 4.0B, 4.5B, 4.6B or later SAP system.
• c) Operating system upgrade
  Contains notes for the upgrade of the operating system of an existing SAP system.
• d) Additional information
  Contains further information relevant for Windows 2000. In particular, important aspects of the SAP domain under Windows 2000 are described.

a) General

Note the following points when you install a SAP system under Windows 2000 or upgrade an operating system:

• Language versions
  For SAP Server, the "International English" language version of Windows 2000 is supported only. If you want to use another language for the user interface, you can install the so-called "Multilanguage User Interface" kit (MUI). For information on the installation and usage of MUI, please refer to Note 362379.
• Windows 2000 Advanced Server Cluster Support (MSCS)
  You can use the Cluster Service from Windows 2000 for databases and SAP releases which have been released for Windows 2000. However, you need to import either Windows 2000 Service Pack 1 and two additional Microsoft Hotfixes (Q257577 and Q265017), or Windows 2000 Service Pack 2 and one additional Hotfix (Q265017). For further information see Notes 30478 and 144310.
• ADSI and MMC
  These components already exist in Windows 2000 and must not be installed from the kernel CD.
• Terminal Server Service
  On the R/3 application server, terminal services can be used for the server administration in 'remote administration mode' (just as with pcAnywhere). Only known exception: Console messages (for example during the DB installation) are not displayed.
  Using terminal services in 'Application server mode' on an R/3 Server must be avoided at all costs. The additional load negatively affects the system performance.
• DB software installation
  The database software installation may not function with a Terminal Server Session (affects Microsoft SQL Server). The software can be installed with pcAnywhere or locally on the console of the respective computer.
  Enter the following command prior to the installation at the command prompt:
      Change user /install
  After the installation enter the following command:
      change user /execute
• SAP DB only: DLL pcr62md.dll
  SAP DB Version 6.2 requires an additional DLL on Windows 2000. The required DLL, pcr62md.dll, is stored in the SAP Service Marketplace.
• pcAnywhere
  For Windows 2000 use pcAnywhere Version 9.01 or higher only.
• Temp variables
  After the SAP installation or after the operating system upgrade, check the TEMP and TMP variables of the <sid>adm user. In Windows 2000, you may obtain invalid or unfavorable values. A short and user-independent path such as "c:\temp" is best suited for SAP.

b) SAP reinstallation

The procedure of a new installation of the SAP system depends on the release.

Release 4.6B and later releases and 4.0B COM

• As of release 4.6B, the SAP releases that are released for Windows NT are fully compatible with Windows 2000. No special actions are necessary. Follow the instruction for a standard SAP installation in the implementation guide "R/3 installation on Windows NT". The same applies to R/3 4.0B COM.

Release 4.5B

• DLLs
  Prior to the beginning of the installation, import the current version of the Dynamic Link Libraries R3DLLINS for Windows 2000. To do this, unpack R3DLLINS.car for your platform from the attachment to Note 65878. Then execute file R3DLLINS.EXE manually.
• R3SETUP Tool
  Use the R3SETUP version that is stored for Windows 2000 in the SAP Service Marketplace. For this purpose, download file R3SETUP_<Patch-Level>.CAR.
• Kernel exchange
  After the installation with R3SETUP replace the R/3 kernel. If you do not replace it you will get error "SICK" after the first log-on attempt after the start. Download the following two patches from the SAP Service Marketplace (www.service.sap.com/patches) and unpack them to directory \usr\sap\exe:
      dw1_<patch-level>
      dw2-<Patch-level>
  Use at least patch level 186.
• SAPOSCOL
  Use the current saposcol version. This version supports the changed performance counter of Windows 2000 to determine values for ST06 and RZ20. The latest version is stored in file saposcol_<Patch Level>.CAR in the SAP Service Marketplace.

c) Operating system upgrade

If you upgrade an existing SAP system to Windows 2000, perform the following actions described in section "SAP new installation":
• Install the latest R3DLLINS version.
• Replace the R/3 kernel.
• Use the latest saposcol version.
• Only SAP DB: See Note 315237.

d) Additional information

• Compatibility of the hardware with Windows 2000
  The upgrade to Windows 2000 may be carried out only if the hardware has been explicitly released for this purpose. This can be checked in one of the following ways:
  • If the Windows 2000 CD is available, compatibility can be checked using program WINNT32.EXE in the I386 directory. The exact statement is: <DRIVE:>\I386\WINNT32 /CHECKUPGRADEONLY. The result is stored as text file WINNT32.LOC in the present Windows directory (e.g. C:\WINNT).
  • The hardware has successfully passed SAP hardware certification (www.addon.de/fcert).
  • The hardware is contained in the Microsoft Hardware Compatibility List (www.microsoft.com/hcl).
  • The hardware has been released for Windows 2000 by the manufacturer. This information is published on the corresponding website.
• Kerberos Single Sign-On
  When the SAP system is installed on Windows 2000 you can set up the Kerberos Single Sign-On. If you use the Kerberos protocol, the information exchanged between the SAP front-end and the application server for authentication is encrypted.
  The procedure for setting up Single Sign-On is described in all recent installation guides. You can, for example, download the installation guide 4.6C SR 2 from the SAPNet, alias "Instguides".
• Terminal Service
  All kernel objects (Shared Memory, Semaphores, Events...) can be used for operation with "Terminal Service". External error analysis programs (dpmon..) also support the "Terminal Service" by Windows 2000, that is, an R/3 system in a Terminal session can be monitored.
• Using more than 4GB RAM
  Zero Administration Memory Management from SAP (see Note 88416) automatically supports main memory larger than 4GB under Windows. SAP however does not use the AWE (Address Windowing Extension) API from Windows 2000. However, an SAP instance consists of several work processes. Each work process can use its own physical storage up to 2GB (or 3GB) in its virtual address space.
• SAP domain under Windows 2000
  Follow the instructions of the Windows documentation for the migration of a NT 4 domain to Windows 2000. For the SAP environment some additional points need to be observed. For NT 4 there are two models for the SAP system domain:
  - the single domain and
  - the additional domain.
  • Single domain
    All users and the SAP system build one single domain. This domain can be migrated to Windows 2000 and exist there as single domain.
  • Additional domain
    Here, there is one domain for the users and a second domain for the SAP system(s). For a migration to Windows 2000 the SAP system domain has to be created as child domain under the user domain.
    A "Top-down" procedure is to be used. The higher domain (the user domain) must be migrated prior to the SAP child domain.
    If the user and SAP domain is part of a larger domain structure, the complete domain structure for Windows 2000 needs to be planned in a preparing phase. Usually, the structure created under NT 4 has to be re-arranged and consolidated. The name space of the root domain and all subordinated domains has to be defined and the distribution of the DNS services needs to be determined. Here, note the following:
    - The SAP domain has to be created as child domain.
    - The SAP domain must not be converted into an organizational unit (OU). OUs are not supported by R3SETUP and R3up.
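
The account, group and computer-account preparation from section 3 of the white paper ("Preparing the installation", steps I to IV and the computer accounts), scripted as an added example that is not part of the white paper or of the SAP note. It assumes the ActiveDirectory PowerShell module, which postdates this paper, and an account with the rights the procedure requires; the SID PRD, the OU path, the UPN suffix and the server names are placeholders.

```powershell
# Added example: AD preparation for one SAP system inside the dedicated SAP OU.
# Placeholders (not from the white paper): SID, OU path, UPN suffix, server names.
Import-Module ActiveDirectory

$SapSid    = 'PRD'
$SapOu     = 'OU=SAP,DC=example,DC=com'
$UpnSuffix = 'example.com'
$Servers   = 'SAPPRD01', 'SAPPRD02'

$Group   = "SAP_${SapSid}_GlobalAdmin"
$AdmUser = $SapSid.ToLower() + 'adm'     # <sapsid>adm, lower case as the guide requires
$SvcUser = "SAPService$SapSid"           # SAPService<SAPSID>

# I. Global security group, created in the SAP OU
New-ADGroup -Name $Group -SamAccountName $Group -GroupScope Global `
    -GroupCategory Security -Path $SapOu

# II. Both accounts: "Password never expires" is the only option set
foreach ($name in $AdmUser, $SvcUser) {
    $pw = Read-Host -Prompt "Password for $name" -AsSecureString
    New-ADUser -Name $name -SamAccountName $name `
        -UserPrincipalName "$name@$UpnSuffix" -Path $SapOu `
        -AccountPassword $pw -PasswordNeverExpires $true -Enabled $true
}

# III and IV. Both accounts become members of the SAP group
Add-ADGroupMember -Identity $Group -Members $AdmUser, $SvcUser

# IV. The service account must leave Domain Users. A primary group cannot be
# removed, so the SAP group is made primary first (the user is already a member).
$token = (Get-ADGroup -Identity $Group -Properties primaryGroupToken).primaryGroupToken
Set-ADUser -Identity $SvcUser -Replace @{ primaryGroupID = $token }
Remove-ADGroupMember -Identity 'Domain Users' -Members $SvcUser -Confirm:$false

# Pre-create one computer account per SAP server in the SAP OU
foreach ($server in $Servers) {
    New-ADComputer -Name $server -SamAccountName $server -Path $SapOu
}

# Check the result of step IV: primary group switched, Domain Users gone
$svc = Get-ADUser -Identity $SvcUser -Properties PrimaryGroup, MemberOf
$stillInDomainUsers = $svc.MemberOf -like 'CN=Domain Users,*'
if ($svc.PrimaryGroup -notlike "CN=$Group,*" -or $stillInDomainUsers) {
    Write-Warning "$SvcUser is still tied to Domain Users; repeat step IV."
}
```

The final check matters because a failed primary-group switch leaves the service account in Domain Users without any visible error in the later SAP installation.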