ActiveBatch Directory Services Installation

ActiveBatch supports the use of Microsoft’s Active Directory (AD) or Active Directory Lightweight Directory Services (AD LDS). Depending on your organizational requirements, you may choose to add AD or AD LDS support for ActiveBatch which allows for the publication of Job Schedulers, Execution Agents, Folders and Plans.

 

Note: Publishing ActiveBatch components and objects to AD or AD LDS is optional.  Some benefits when doing so are described below.

 

AD LDS was introduced in Windows Server 2008 and is the successor to ADAM. Regardless of which directory service you use, when you use either AD or AD LDS, you allow ActiveBatch to more easily find other ActiveBatch Job Schedulers and Execution Agents. With ActiveBatch AD support, you can publish a name for your Job Scheduler and Execution Agent machines. Because ActiveBatch stores the published name and not the actual machine name, you can change the association without having to change any references.

 

For example, if the Production Scheduler is currently installed on machine SERVER1, you can easily install the software on another machine (e.g. SERVER2) and then change the published name to point to the new machine. Using Active Directory significantly enhances Job Scheduler failover handling as well as transparent Client failover.

 

You can also publish ActiveBatch Plan and Folder objects, which allows users to connect to the published object using the Virtual Root feature. You must be an ActiveBatch Administrator to publish or unpublish Plan and Folder objects.

 

Note: As a best practice, publish Folder objects to use with the Virtual Root feature. You can still publish a Plan to use with the Virtual Root feature, but it is primarily supported for backwards compatibility.

 

The Job Scheduler publishes Plans, Folders, and the Job Scheduler component under the context of the Job Scheduler service account.  The service account would need to be granted appropriate Directory Service permissions, which include: read, write and delete.  When an Execution Agent is published, the Execution Agent service account is being used. This account would also need to be granted read, write and delete permissions.

 

To view a list of published Schedulers, Agents, and objects via an ActiveBatch user interface, the Directory Service’s Read permission is required. There are a few options for Read.  For example, Read and Read All Properties. It is up to the domain administrator to decide what Read option they would like to use.

 

To install the ActiveBatch Schema extensions for either directory service you will need to download the ActiveBatchDS.msi1 ActiveBatchDS.msi is to be used on both x86 and x64 systems. installer file.

 

Active Directory Lightweight Directory Services (AD LDS) Schema Installation

 

The ActiveBatch Active Directory Lightweight Directory Services (AD LDS) schema installation adds an AD LDS partition for ActiveBatch purposes.

 

 

To install the ActiveBatch AD LDS schema choose the “Active Directory Lightweight Directory Services (AD LDS)” radio button.

 

 

The first field “ADLDS Machine name” is required and must be entered. A hostname (or IP address) that is hosting the AD LDS service must be used. By default, a new ADLDS partition will be created and named “ActiveBatch”. The port number for AD LDS is, by default, 389 and should only be changed if a non-standard port number was used during the AD LDS installation. To use a different port number, the following syntax is used for the ADLDS Machine Name field:  machine:port (for example, machine:389).

 

The figure below is a sample of a successful schema and partition installation. Note the DC=ActiveBatch line in the figure below, this is the partition that’s been created.

 

 

Active Directory Installation

 

The ActiveBatch Active Directory installation updates the Active Directory Schema for your company. As such this operation requires an account that has been given Enterprise Administrator access (typically a member of the Schema Administrators group). Simply logon to the domain controller machine and execute the installation procedure. The steps are described below.

 

 

To extend your Active Directory schema, select the “Active Directory” radio button.

 

Note: ASCI recommends that you only extend the Active Directory services schema for ActiveBatch if you’re a non-evaluation or proof-of-concept customer. If you’re still examining the product, we recommend that you use AD LDS for any testing of the directory services aspects of ActiveBatch.

 

 

The above figure allows you to specify a different point in the Active Directory tree. By default you can extend the root of your Active Directory schema by leaving the field blank.

 

 

 

The warning box above is displayed to let you know that extension of the Active Directory schema is an irreversible operation not subject to an un-install.

 

Note: An update to the schema will cause a complete replication of the AD to occur. On a large forest this could result in an increase in network traffic. The ActiveBatch extension to the AD Schema is minimal (120 bytes per class). As per Microsoft guidelines the file ActiveBatchDS.xml has been provided to further document the ActiveBatch AD Schema extension. You will find this file in the ActiveBatch Installation directory of the machine that hosts your Job Scheduler service.