The data storage of Indeed Certificate Manager can be created in Active Directory using IndeedCM.PersistenceAD.Cfg.exe utility (see Misc folder of the server installation package).

In general, you need Domain Admin rights to create a storage in the domain root folder using IndeedCM.Persistence.AD.Cfg.exe utility. Alternatively, the domain administrator can manually create an Organizational Unit with an arbitrary name and grant full access to the unit and its child objects to the selected user account. The latter, in turn, is used to run the IndeedCM.Persistence.AD.Cfg.exe utility.

To create a data storage, run the IndeedCM.Persistence.AD.Cfg.exe, specifying the /create <LDAP Path> <container name> <subcontainer name> parameter, where:

  • LDAP Path – is the path to container or domain unit, where the storage is to be created
  • container name – is the name of the container to store all the system data in
  • subcontainer name – is the name of subcontainer

Example:

IndeedCM.Persistence.AD.Cfg.exe /create LDAP://"OU=CMS Storage,DC=demo,DC=local" "Indeed Identity" "Indeed CM"

Example of a command to create data storage in the CMS Storage unit of demo.local domain, with container name of Indeed Identity and subcontainer name of Indeed CM.

Give the service account (servicecm) Full Control to This object and all descendant objects for the created Indeed Identity storage.

To do this, do the following:

  1. Open the Security property of the Indeed Identity container.
  2. Click Add and specify a service account (servicecm).
  3. Click Advanced, select the service account and click Edit.
  4. Select the Applies to: This object and all descendant objects.
  5. Set the Full control in the Permissions list.
  6. Click OK and then Apply.


  • No labels