Configuring Each Domain

For each domain on which you plan to install DigitalPersona AD Server, you need to run the DigitalPersona AD Active Directory Domain Configuration Wizard, which configures the required domain-specific data, including the necessary cryptographic keys. The wizard does the following:

  • Verifies that the AD schema was extended correctly

  • Creates the AD containers required by DigitalPersona

  • Creates the DigitalPersona Server encryption keys

  • Creates necessary Active Directory Extended Rights

  • Creates DigitalPersona Display-Specifiers (required to add DigitalPersona content to Active Directory Users and Computers, ADUC)

  • Sets the default DigitalPersona-related security on the AD Domain

Note: Running the wizard requires administrator privileges on the domain controller.

You should run this wizard only once on each domain where DigitalPersona AD Server will be installed.

When installing multiple DigitalPersona AD Servers, it is critical that you run the wizard only once during any replication period, allowing full replication to be completed before going on to run the wizard on the next domain.

Running the wizard a second time during a single replication period will result in corrupted Server data, and any DigitalPersona AD Servers in the domain will be unusable.
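
One way to check the replication condition above before moving to the next domain, as an added example that is not part of the DigitalPersona documentation: it uses the standard ActiveDirectory PowerShell module to confirm that no replication link has failed or is older than the previous wizard run. The function name, the forest-wide scope and the sample timestamp are assumptions made for this example.

```powershell
# Added example. Assumes the RSAT ActiveDirectory module and rights to read
# replication metadata. $Since is the time the wizard finished on the previous
# domain, taken from your own change record (the wizard log format is not assumed).
Import-Module ActiveDirectory

function Test-ReplicationSince {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [datetime] $Since,
        [string] $Forest = (Get-ADForest).Name
    )

    # Outstanding replication failures reported by any domain controller in the forest.
    $failures = @(Get-ADReplicationFailure -Target $Forest -Scope Forest |
        Where-Object { $_.FailureCount -gt 0 })

    # Inbound replication links (all partitions) whose last success predates
    # $Since, or whose last attempt returned a non-zero result code.
    $stale = @(Get-ADReplicationPartnerMetadata -Target $Forest -Scope Forest -Partition * |
        Where-Object {
            $_.LastReplicationSuccess -lt $Since -or $_.LastReplicationResult -ne 0
        })

    foreach ($f in $failures) {
        $msg = '{0} <- {1}: {2} failure(s), last error {3}'
        Write-Warning ($msg -f $f.Server, $f.Partner, $f.FailureCount, $f.LastError)
    }
    foreach ($s in $stale) {
        $msg = '{0} [{1}]: last success {2}, result {3}'
        Write-Warning ($msg -f $s.Server, $s.Partition, $s.LastReplicationSuccess, $s.LastReplicationResult)
    }

    # True only when every link has replicated cleanly since $Since.
    return ($failures.Count -eq 0 -and $stale.Count -eq 0)
}

# Constructed sample value: replace with the time recorded for the previous run.
$previousRun = Get-Date '2024-01-15 14:30'
if (Test-ReplicationSince -Since $previousRun) {
    'Replication links are current; proceed to the next domain.'
} else {
    'Replication is not complete; do not run the wizard yet.'
}
```

A passing result is a necessary condition, not proof of convergence: in a multi-hop topology a change can need more than one replication cycle to reach every domain controller, so allow for that before proceeding.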

After running the Domain Configuration wizard, domain-level permissions to enroll/delete fingerprints are reset to the default, i.e., Allow.

To run the DigitalPersona AD Domain Configuration Wizard:

  1. Double-click DPDomainConfig.exe, which is located in the Domain Configuration folder in the Server installation package.

  2. Read the license agreement that displays and, if you agree to the terms and conditions, select "I accept the license agreement" and then click Next.

    A warning reminds you not to run this wizard if you have an existing DigitalPersona AD Server installation on this domain.

  3. If you are sure there are no other DigitalPersona AD Server installations on the domain you are configuring, select the "I accept that the domain will be configured" check box and click Next.

  4. In the Save Log File As dialog box, specify a file name and folder path for the log file generated by the wizard and click Save.

    When you click Save, the wizard performs the changes on the domain.

  5. To close the wizard, click Finish.