Deployment Automation features in the HMC 3.5 deployment tool
Introduction
The HMC 3.5 deployment tool carries out a lot of automated tasks, with somewhat mysterious names like "Initialize Active Directory for Hosting". Many customers have asked me what it is actually doing to their Active Directory configuration! This information is buried in the HMC 3.5 documentation (in the Deployment Automation Appendix), so I have put together a simple listing of what each step actually does.
Following is an overview of what each deployment automation feature does.
1.1.1 Initialize Service Account Security
Steps Performed:
1. Ensure Windows-based Hosting Service Accounts exists in the Users container. If it does not exist, create it.
2. Reference the DN of this group in an OtherWellKnownObject on the domain OU.
3. Remove the Authenticated Users group from the Pre-Windows 2000 Compatibility Group
4. Add the Domain Computers group to the Pre-Windows 2000 Compatibility Group
5. Apply a read ACL to the domain root giving the Windows-based Hosting Service Accounts group read access to the directory tree.
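The following is an added read-only audit script, not part of the HMC 3.5 deployment tool, that checks whether a domain is in the state the five steps above are meant to leave it in. It assumes the ActiveDirectory module (RSAT) on a domain-joined machine, the group names as given in the HMC documentation, and that the "read ACL" from step 5 shows up as an Allow ACE carrying at least one GenericRead bit.

```powershell
# Added audit script (not part of the HMC 3.5 deployment tool): read-only check
# of the Active Directory state that "Initialize Service Account Security"
# is expected to leave behind. Assumes the ActiveDirectory module (RSAT)
# on a domain-joined machine with read access to the domain head.
Import-Module ActiveDirectory

$domain     = Get-ADDomain
$domainDn   = $domain.DistinguishedName
$hostingGrp = 'Windows-based Hosting Service Accounts'   # group named in the HMC steps
$compatGrp  = 'Pre-Windows 2000 Compatible Access'       # built-in group (assumed name)
$findings   = @()

# Step 1: the group must exist, and sit in the Users container
$grp = Get-ADGroup -Filter "Name -eq '$hostingGrp'"
if (-not $grp) {
    $findings += "Group '$hostingGrp' does not exist"
} elseif ($grp.DistinguishedName -ne "CN=$hostingGrp,CN=Users,$domainDn") {
    $findings += "Group '$hostingGrp' is not in the Users container: $($grp.DistinguishedName)"
}

# Step 2: otherWellKnownObjects on the domain head should reference the group's DN
$head = Get-ADObject -Identity $domainDn -Properties otherWellKnownObjects
if ($grp -and -not ($head.otherWellKnownObjects -match [regex]::Escape($grp.DistinguishedName))) {
    $findings += "otherWellKnownObjects on $domainDn does not reference '$hostingGrp'"
}

# Steps 3 and 4: Authenticated Users (S-1-5-11) out, Domain Computers in.
# The raw member attribute is read so the foreign security principal is visible.
$members      = (Get-ADGroup -Identity $compatGrp -Properties member).member
$authUsersFsp = "CN=S-1-5-11,CN=ForeignSecurityPrincipals,$domainDn"
$domComputers = (Get-ADGroup -Identity 'Domain Computers').DistinguishedName
if ($members -contains $authUsersFsp) { $findings += "Authenticated Users is still in '$compatGrp'" }
if ($members -notcontains $domComputers) { $findings += "Domain Computers is missing from '$compatGrp'" }

# Step 5: an Allow ACE carrying read rights for the group on the domain root
$genericRead = [System.DirectoryServices.ActiveDirectoryRights]::GenericRead
$readAce = (Get-Acl -Path "AD:\$domainDn").Access | Where-Object {
    $_.IdentityReference.Value -like "*\$hostingGrp" -and
    $_.AccessControlType -eq 'Allow' -and
    (($_.ActiveDirectoryRights -band $genericRead) -ne 0)   # any read bit counts
}
if (-not $readAce) { $findings += "No Allow read ACE for '$hostingGrp' on $domainDn" }

if ($findings.Count -eq 0) { 'OK: Initialize Service Account Security state verified' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Running it before and after the deployment tool gives a before/after record of exactly which of the five changes were applied to the directory.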
1.1.2 Create Servers OU
Steps Performed:
1. Creates the Servers OU hierarchy in Active Directory
1.1.3 Configure MPS SQL Service Account
Steps Performed:
1. Add the MPSSQLService account to the Windows-based Hosting Service Accounts group
1.1.4 Configure MPS Cluster Admin
Steps Performed:
1. Add the MPSClusterAdmin account to the Windows-based Hosting Service Accounts group
1.1.5 Configure MPF Service Account
Steps Performed:
1. Add the MPFServiceAccts group to the Windows-based Hosting Service Accounts group
2. Query the registry to discover the name of the MPF Configuration Server
3. Query WMI to determine if configuration server represents a cluster.
4. If configuration server is a cluster, enumerate the nodes of the cluster.
5. Query WMI to determine the names of any MPF engine servers
6. For each MPF engine, configuration server, or configuration server node, add the MPFServiceAccts group to the local Administrators group on each machine.
1.1.6 Initialize Namespace Security
Steps Performed:
Configures the context under which various provisioning namespace procedures run.
1.1.7 Initialize Active Directory for Hosting
Steps Performed:
1. Creates the Hosting OU
2. Removes permissions from the Authenticated Users group to the Hosting OU
1.1.8 Configure MOM Service Account
Steps Performed:
1. Add the MOMService account to the Windows-based Hosting Service Accounts group
2. Grant the following user rights to the MOMService account on the MOM servers specified in <serverName>:
a. Act as part of the operating system
b. Create a token object
c. Log on as a batch job
d. Log on as a service
1.1.9 Configure MOM Action Account
Steps Performed:
1. Add the MOMAction account to the Windows-based Hosting Service Accounts group
1.1.10 Configure Reporting Services
Configures service startup behavior on the MOM SQL Server
Steps Performed:
1. Set Distributed Transaction Coordinator (DTC) service to Automatic startup
2. Set SQLSERVERAGENT service to Automatic startup
3. Set Microsoft Search Agent to Disabled
4. Start DTC service
5. Start SQLSERVERAGENT
6. Stop Microsoft Search Agent
1.1.11 Disable Domain RUS
Disables the domain Recipient Update Service.
Steps Performed:
1. Disables the Domain Recipient Update Service in Exchange.
1.1.12 Native Mode
Sets Microsoft Exchange to Native Mode
Steps Performed:
1. Sets Microsoft Exchange to Native Mode
1.1.13 Prepare Address List Security
Configures security on the All Address Lists container to prevent users and customers from resolving each other's names in Outlook.
Steps Performed:
1. Secures the "All Address Lists" container in Exchange
a. Disable inheritable permissions from propagating from parent
b. Remove Authenticated Users Group
c. Remove Everyone Group
1.1.14 Configure Exchange Address List Security
Steps Performed:
1. Delete default address lists
a. Delete All Users default address list
b. Delete All Groups default address list
c. Delete All Contacts default address list
d. Delete Public Folders default address list
2. Secure the Global Address List
a. Disable inheritable permissions from propagating from parent
b. Remove Authenticated Users Group
c. Remove Everyone Group
1.1.15 Configure Exchange Front End Servers
Automates configuration of an Exchange Front End Server.
Steps Performed:
1. Disable the Microsoft Exchange Information Store
2. Enable Services
a. POP3
b. IMAP
3. Configure Virtual Directories
a. Exchange
b. Public
c. RPC
1.1.16 Configure MPS Exchange Security
Configure MPSExchangeAccts group
Steps Performed:
1. Ensure MPSExchangeAccts group exists
2. Add MPSExchangeAccts group to local administrators on MPS server
3. Ensure MPSPrivAcct-xxxx is a member of MPSExchangeAccts group
1.1.17 Create OAB Lifetime Registry Keys
Creates registry values in order to configure automatic generation of Offline Address Books in the hosting environment. Configuration of the OAB Lifetime registry values is required on all back-end, OAB and front-end Exchange servers.
Steps Performed:
1. Enumerate all Exchange servers
2. Create the following registry keys on each server:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters]
"OAL Folder Lifetime (days)"=dword:00000000
Note: setting OAL Folder Lifetime to zero prevents Exchange from allowing Offline Address Books to expire.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters]
"Disable OABScanTask"=dword:00000001
Note: disabling the OAB scan task prevents Exchange from trying to scan all of the OABs during nightly online maintenance.
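The following is an added verification script, not part of the HMC 3.5 deployment tool, that reads the two values above on each Exchange server and reports any server where they are missing or differ. It assumes PowerShell remoting to the servers; the server names in $exchangeServers are constructed placeholders standing in for the list the tool enumerates in step 1.

```powershell
# Added verification script (not part of the HMC 3.5 deployment tool): reads the
# two values written by "Create OAB Lifetime Registry Keys" on each Exchange
# server and reports where they are missing or differ. Read-only. Assumes
# PowerShell remoting to the servers; $exchangeServers is a constructed
# placeholder for the list the tool enumerates.
$exchangeServers = @('EXBE01', 'EXOAB01', 'EXFE01')   # constructed sample names

$keyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters'
$expected = @{
    'OAL Folder Lifetime (days)' = 0   # 0: OABs never expire
    'Disable OABScanTask'        = 1   # 1: nightly OAB scan task disabled
}

$results = Invoke-Command -ComputerName $exchangeServers -ArgumentList $keyPath, $expected -ScriptBlock {
    param($path, $want)
    # A missing key gives $null; a missing value shows as Actual = $null, Status = MISMATCH
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($name in $want.Keys) {
        $actual = if ($props -and $props.PSObject.Properties[$name]) { $props.$name } else { $null }
        [pscustomobject]@{
            Server   = $env:COMPUTERNAME
            Value    = $name
            Expected = $want[$name]
            Actual   = $actual
            Status   = if ($actual -eq $want[$name]) { 'OK' } else { 'MISMATCH' }
        }
    }
}

$results | Sort-Object Server, Value | Format-Table Server, Value, Expected, Actual, Status -AutoSize
# Non-zero exit signals drift, so the script can run from a scheduled job
if ($results | Where-Object Status -ne 'OK') { exit 1 }
```

A server that is unreachable produces an Invoke-Command error rather than a row, so an empty result for a listed server should be treated as a finding too.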
1.1.18 Configure Sharepoint Services Security
Required Input:
1. <serverName>
2. <username> -- The domain logon name of the domain account created for Sharepoint services (e.g. Sharepoint_AppID). This should be in the format of Domain\UserName.
Steps Performed:
1. Ensure account existence.
2. Create a new SQL Login for the supplied user name.
3. Add the SQL Login to the following server roles:
a. Security Administrators
b. Process Administrators
c. Database Creators