Step 1. Backup. You should already have EVERYTHING backed up, but chances are you don’t. Or you don’t trust what you do have. Or you haven’t tested your backups. So, back up your domain controllers PRIOR to any major changes.
Step 2. Generate the current FOREST description XML file called domainlist.xml. This XML file contains a textual description of your domain. At the command prompt, enter: RENDOM /LIST
Step 3. Edit domainlist.xml. You can make a backup copy of the file first, but basically open the file up directly and edit it. You only need to change the domain name portions. My file sample is below. Change only the items that I have in BOLD.
<?xml version ="1.0"?>
<Forest>
<Domain>
<!-- PartitionType:Application -->
<Guid>6d44b011-f29f-4455-9ae8-becca5ed6cc7</Guid>
<DNSname>ForestDnsZones.NAME.ORG</DNSname>
<NetBiosName></NetBiosName>
<DcName></DcName>
</Domain>
<Domain>
<!-- PartitionType:Application -->
<Guid>199b277c-49f8-4909-8fbc-615f287fdfaf</Guid>
<DNSname>DomainDnsZones.NAME.ORG</DNSname>
<NetBiosName></NetBiosName>
<DcName></DcName>
</Domain>
<Domain>
<!-- ForestRoot -->
<Guid>9a142cae-6b56-485c-85bf-06e3978271cb</Guid>
<DNSname>NAME.ORG</DNSname>
<NetBiosName>NAME</NetBiosName>
<DcName></DcName>
</Domain>
</Forest>
Step 4. Upload the instructions. Using RENDOM to generate and upload the instruction list is as simple as: RENDOM /UPLOAD
Step 5. Verify readiness by using: RENDOM /PREPARE
Step 6. Let it rip with: RENDOM /EXECUTE
Step 7. Restart your domain controller and test, test, test, test, and then test some more…
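A check worth running between steps 3 and 4, as an added example that is not part of the original post: it compares the edited domainlist.xml with the backup copy and stops if anything other than DNSname or NetBiosName changed (a mistyped Guid, a deleted entry). The function name, the NEWNAME values and the shortened sample XML are assumptions constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the post); function name and NEWNAME values are hypothetical.
function Compare-DomainList {
    param(
        [Parameter(Mandatory)][xml]$Original,   # backup of the RENDOM /LIST output
        [Parameter(Mandatory)][xml]$Edited      # the file about to be uploaded
    )
    $editable = 'DNSname', 'NetBiosName'        # the only values step 3 changes
    $old = @($Original.Forest.Domain)
    $new = @($Edited.Forest.Domain)
    if ($old.Count -ne $new.Count) {
        throw "Domain entry count changed: $($old.Count) -> $($new.Count)"
    }
    for ($i = 0; $i -lt $old.Count; $i++) {
        foreach ($node in $old[$i].SelectNodes('*')) {
            $name  = $node.LocalName
            $other = $new[$i].SelectSingleNode($name)
            if ($null -eq $other) { throw "Entry ${i}: <$name> is missing" }
            if ($node.InnerText -ceq $other.InnerText) { continue }
            if ($editable -notcontains $name) {
                throw "Entry ${i}: <$name> changed, but only $($editable -join '/') may be edited"
            }
            [pscustomobject]@{ Entry = $i; Element = $name
                               Old = $node.InnerText; New = $other.InnerText }
        }
    }
}

# Constructed sample: two entries from the listing, then the same text renamed.
$before = @'
<?xml version ="1.0"?>
<Forest>
<Domain>
<!-- PartitionType:Application -->
<Guid>199b277c-49f8-4909-8fbc-615f287fdfaf</Guid>
<DNSname>DomainDnsZones.NAME.ORG</DNSname>
<NetBiosName></NetBiosName>
<DcName></DcName>
</Domain>
<Domain>
<!-- ForestRoot -->
<Guid>9a142cae-6b56-485c-85bf-06e3978271cb</Guid>
<DNSname>NAME.ORG</DNSname>
<NetBiosName>NAME</NetBiosName>
<DcName></DcName>
</Domain>
</Forest>
'@
$after = $before -replace 'NAME\.ORG', 'NEWNAME.ORG' -replace '>NAME<', '>NEWNAME<'
Compare-DomainList -Original $before -Edited $after | Format-Table -AutoSize
```

Against real files, pass `(Get-Content .\domainlist.xml -Raw)` as -Edited and the content of your backup copy as -Original. A terminating error means the edit touched something other than the two name elements, so fix the file before running RENDOM /UPLOAD.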
When configuring a new SharePoint 2010 server using Active Directory authentication, I was setting up the AD Synchronization and received the error “MOSS MA not found”. This was a simple fix: The Forefront Identity Manager Service was not started. I started up this service and was then able to configure a new AD synchronization connection.
To create the connection, just go to SharePoint 2010 Central Admin > Application Management > Service Applications > Manage Service Applications > Manage User Profile Store (note that your link will reference the actual name of your Profile Store Service Application).
Under Synchronization, select Configure Synchronization Connections. If you need a new connection, select Create New Connection or you can edit an existing connection.
I am impressed with the number of connection types that SharePoint supports out of the box: Active Directory, Active Directory Logon Data, Active Directory Resource, Business Data Connectivity, IBM Tivoli Directory Server (ITDS), Novell eDirectory, and Sun Java System Directory Server.
And, of course, the three primary Authentication Provider types: Windows Authentication, Forms Authentication, and the new Trusted Claims Provider Authentication.
For an AD authentication, I am a huge fan of being able to utilize specific containers for synchronization. In my demo environment, I’ve created a couple of AD Organizational Units that I’m using for synchronization testing.
In this entire configuration scenario, I find one item specifically interesting (and humorous) – the error message: MOSS MA not found. I know that there was a tremendous code base that needed to be updated, but an error message string still has ‘MOSS’? The SharePoint 2010 product no longer has the acronym MOSS. It’s just interesting that there wasn’t a task to do a code search for this acronym for the new build. Maybe someone at Microsoft could shed some insight on this. Just makes me wonder what else will be uncovered.