{"id":38,"date":"2007-07-02T10:11:45","date_gmt":"2007-07-02T10:11:45","guid":{"rendered":"https:\/\/www.wapshere.com\/missmiis\/?p=38"},"modified":"2023-01-16T09:01:59","modified_gmt":"2023-01-16T09:01:59","slug":"switching-to-domain-management-groups","status":"publish","type":"post","link":"https:\/\/www.wapshere.com\/missmiis\/switching-to-domain-management-groups","title":{"rendered":"Switching to Domain Management Groups"},"content":{"rendered":"<p class=\"MsoNormal\" style=\"margin: 0cm 0cm 0pt;\"><span lang=\"EN-GB\"><span style=\"font-family: Times New Roman;\">During the installation of MIIS you are shown a list of groups (MIIS_Admins, MIIS_Joiners etc) which will be created. The groups are local groups, and I expect that most people, on their first installation, just accept that.<\/span><\/span><\/p>\n<p><span lang=\"EN-GB\"><span style=\"font-family: Times New Roman;\">But wouldn&#8217;t it be nice if, at that point, a little more explanation, or perhaps some alternative options were offered, allowing you to think a little and take the better option of Domain groups.<\/span><\/span><\/p>\n<p><span lang=\"EN-GB\"><span style=\"font-family: Times New Roman;\">(Actually the <em>best<\/em> option would be if Microsoft had provided some sort of tool allowing us to change the admin groups post installation &#8211; but I can only hope that will be in ILM&#8230;)<\/span><\/span><\/p>\n<p><span lang=\"EN-GB\"><span style=\"font-family: Times New Roman;\">Anyway I digress &#8211; why are Domain groups better? First there is the sys admin reason that domain memberships are <em>much<\/em> easier to track than local memberships. Secondly, and more importantly, using domain groups means you can <a href=\"https:\/\/www.wapshere.com\/missmiis\/?p=37\">replicate the MicrosoftIdentityIntegrationServer database to another server<\/a> (in the same domain or a trusting domain) and it will work!<\/span><\/span><\/p>\n<p><span lang=\"EN-GB\"><span style=\"font-family: Times New Roman;\">In MIIS 2003 the only way to change the admin groups is to change the SIDs in the MicrosoftIdentityIntegrationServer.mms_server_configuration table. <\/span><\/span><\/p>\n<p><span lang=\"EN-GB\"><span style=\"font-family: Times New Roman;\">Theoretically you should be able to find the SIDs using getsid.exe from the Windows Support Tools and update the table accordingly, but for some reason I&#8217;ve not had much success with this method the couple of times I&#8217;ve tried it.<\/span><\/span><\/p>\n<p><span lang=\"EN-GB\"><span style=\"font-family: Times New Roman;\">You may be luckier (or cleverer) than me, but if not here&#8217;s a method I have tried and tested successfully.<\/span><\/span><\/p>\n<ol style=\"margin-top: 0cm;\" type=\"1\">\n<li class=\"MsoNormal\" style=\"margin: 0cm 0cm 0pt; tab-stops: list 36.0pt;\"><span lang=\"EN-GB\"><span style=\"font-family: Times New Roman;\">Install MIIS onto a new server;<\/span><\/span><\/li>\n<li class=\"MsoNormal\" style=\"margin: 0cm 0cm 0pt; tab-stops: list 36.0pt;\"><span lang=\"EN-GB\"><span style=\"font-family: Times New Roman;\">During the installation change all the group names to have <em>domain\\<\/em>\u00a0at the front, so that the domain groups are used instead;<\/span><\/span><\/li>\n<li class=\"MsoNormal\" style=\"margin: 0cm 0cm 0pt; tab-stops: list 36.0pt;\"><span lang=\"EN-GB\"><span style=\"font-family: Times New Roman;\">Once MIIS is installed copy the SIDs from the new mms_server_configuration table to the old one.<\/span><\/span><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>During the installation of MIIS you are shown a list of groups (MIIS_Admins, MIIS_Joiners etc) which will be created. The groups are local groups, and I expect that most people, on their first installation, just accept that. But wouldn&#8217;t it be nice if, at that point, a little more explanation, or perhaps some alternative options&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":[]},"categories":[34,28],"tags":[],"class_list":["post-38","post","type-post","status-publish","format-standard","hentry","category-ilm2007","category-miis2003"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pkp1o-C","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts\/38","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/comments?post=38"}],"version-history":[{"count":3,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts\/38\/revisions"}],"predecessor-version":[{"id":3375,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/posts\/38\/revisions\/3375"}],"wp:attachment":[{"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/media?parent=38"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/categories?post=38"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wapshere.com\/missmiis\/wp-json\/wp\/v2\/tags?post=38"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}