About Me

I've been working with the .NET platform for about 6 years, with a focus in web development and SharePoint.

I have my bachelor's degree in computer science from the University of Arizona, and I currently hold certifications as a Microsoft Certified Professional Web and Enterprise Application Developer.

Find me on LinkedIn

Download Resume

Calendar

View posts in large calendar

Installing SharePoint 2007/2010 with Active Directory 2000

The first order of business should be upgrading your domain controller since apparently SharePoint 2007+ doesn't play nice with this legacy version of AD (http://msmvps.com/blogs/obts/archive/2006/09/27/143844.aspx). If that's not an option before your install of SharePoint, you'll need to do the following in order to use any domain accounts for the various SharePoint service accounts (required if you're building a multi-server farm).

Disable domain digital encryption on all SharePoint servers:

Navigate to Administrative Tools > Local Security Policy
Expand 'Local Polices'
Select 'Security Options'
Navigate to the 'Domain member: Digitally encrypt or sign secure channel data (always)' item within the main display pane and right click > properties - disable.
Repeat the previous step for the 'Domain member: Digitally encrypt secure channel data (when possible)' and 'Domain member: Digitally sign secure channel data (when possible)' items.
RESTART ALL SERVERS (This change will not take effect until the relevant server is restarted.

This should alleviate the problems with locating domain users based on their 'friendly' Netbios name rather than SID's. Without this change you will receive the following error when trying to provide domain account credentials for the farm service account while running the SharePoint configuration wizard:

The username is invalid. The account must be a valid domain account.

In addition, when trying to add a domain account login to the Sql Server instance you will receive the following error:

Create failed for login…Windows NT user or group domain\username not found. Check the name again.

Couldn't find any documentation on the 'net regarding this obscure scenario, so I wanted to share my insight. Disclaimer: I'm not a sys-admin so I cannot comment on the security compromises that this change might introduce.

Posted on 5/12/2010 8:55:00 AM by sterlingt

Permalink | Comments (2) | Post RSS RSS comment feed |

Categories: MOSS 2007 | SharePoint 2007 | WSS 3.0

Tags:

Be the first to rate this post

Currently 0/5 Stars.
1
2
3
4
5

Making MOSS 2007 and WSS 3.0 play nicely with Adobe Acrobat PDF DocumentsSharePoint 2007 Back-up Schedule & Recovery ProceduresWSS 3.0 Subsite Display Web Part

Comments

May 27. 2010 17:20

Tracy,

Thaank you very much for sharing your insight on this AD2000 service account issue, I followed your suggestion but still configuration wizard is not recognizing the service account!! Luckily setup service account is recognized!!
Any idea!
Tomorrow I will check with AD team and let you know my findings on it!

Thanks&Regards,
Gopi Ega

Gopi

July 8. 2010 11:06

Tracy,

I overcome this problem by logging with farm service account on to the server where I am running the configuration wizard.After windows user profile got created, I logged off and login back with setup account. Then Configuration wizard start recognizing the farm account. Seems the SID is not recognizing unless service account logs on to server atleast once.

Regards,
Gopi Ega

Gopi

Add comment

Name*
E-mail*
Website
Comment* [b][/b] - [i][/i] - [u][/u]- [quote][/quote]

Notify me when new comments are added

Live preview

September 9. 2010 19:57

Signature Sterling

Take your work seriously...but never yourself.