What is this module for?
"Hosted Organizations" module allows working with objects related to whole customer’s organization and later use those objects for various services connected to hosted customer’s organization. For example customer can create user account and later assign Exchange mailbox to this account or make this account SharePoint site owner.
It is needed to maintain correct logical hierarchy of common objects and different services inside hosted customer’s organizations and to avoid duplicate accounts creation when number of services grows.
Creating Root Organizational Unit
Open Active Directory Users and Computers (ADUC) and create a new Organizational Unit (OU) where hosted organization’s sub-OUs will be located, e.g. "DNP Hosting". Please take a note that it will be difficult to change it later so choose it carefully.
Open the property pages of the root hosting OU and go to Security tab (in case you do not see Security tab go to View > Advanced Features in ADUC). Press Advanced button and uncheck “Allow inheritable permissions from parent…”. Press Copy, OK and Yes in next dialog boxes.
Remove permissions for the Pre-Windows 2000 Compatible Access
Press Advanced tab again. Sort permissions by name. Find Authenticated Users. You will find two strings connected to Authenticated Users. Please do NOT edit or delete string connected to Authenticated Users with Read Property permissions and that is applied to This Object and All Child Objects. Edit ONLY string connected to Authenticated Users that is applied to This Object only.
Open this string. Leave only "List contents" permission for Authenticated Users.
Installing DNP Server component on server where Hosted Organizations module will be deployed.
Choose "AD account"
In order to allow DNP Server to communicate with AD, Exchange 2007, WSS 3.0 its account for web site and application pool should be AD global account, but not a local server account. The default name of the account is "DNPServer" (it may have a different name specified during DNP Server installation).
Check DNP Server account membership
DNP Server account must be a member of "Domain Admins" AD group and local "IIS_WPG" and "Administrators" groups on local server. In case this server is domain controller - "IIS_WPG" and "Administrators" are AD groups too.
In case Hosted Organizations module is going to be used with Hosted Exchange module – DNP Server account should be added to "Exchange Organization Administrators" AD group.
After checking DNP Server account, check it for both "DotNetPanel Server Pool" and "DotNetPanel Server" web site anonymous account. Please note that User logon name in Pre-Windows 2000 (or SAM) format (domain\DNPServer) should be entered there.
Please do not forget to restart DotNetPanel Server pool and web site after you added DNP Server account to appropriate groups, check pool identity and web site anonymous assess. Also you can simple run iisreset on this server if it is not in production.
Setting up Hosted Organizations Service in DNP
Switch DNP to AD mode. Specify AD domain name and select "None" authentication type.
On "Hosted Organizations" service specify service settings:
- Preferred Domain Controller (FQDN). This Domain Controller will be the target for all changes in AD (creating users, OUs, etc).
- Root OU name ("DNP Hosting" by default)
- Temporary Domain Name ("my-temp-domain.com" by default). Temporary domain name will be used as suffix when creating default domain for the organizations.
Now you can use "Hosted Organizations" in Virtual Servers and Hosting Plans together with “Hosted Exchange” and “Hosted SharePoint” modules!