Installing SharePoint without AD?


Update: Judging from the comments I've received, no doubt many has tried this path - however it is IMPORTANT to note that this is NOT A SUPPORTED deployment. Using non-domain account for installing and configuring SharePoint will result in ending up with only ONE web server and ONE database - that's it - NO splitting of roles in the WFE, and NO redundency support, and you CAN'T add more servers. 


There has been tons of posts about using Form-based authentication for MOSS (almost all of them are on using the ASP.Net SqlMembership provider). That is really a great improvement over SPS2003. Recently I was helping a customer who had the challenge of deploying MOSS, not just with form-based authentication, but also to deploy SharePoint farm on an SQL server which is not a member of an AD domain.


At first glance, this may not seem possible - the configuration wizard for setting up the configuration database expects a domain account to connect to the database server (workgroup account will work fine if the entire farm is on one single box) - which is not good if we want to use SQL authentication.


Now, here's one of the reason why the SharePoint installation wizard has a checkbox prior to running the configuration wizard:


Right after installation, uncheck this checkbox, or if you did and were halted at the "Specify Configuration Database Settings" page, simply close the wizard. What we need to do now is to go to our SQL Management Studio (or SQL Enterprise Manager for SQL2K), and create four databases manually. Make sure these databases are created with the Latin1_General_CI_AS_KS_WS collation (for the curious, C = Case, A = Accent, K = Kana, W = width, and I/S for Insensitive/Sensitive). These four databases would be: the SharePoint Configuration, SharePoint Admin Contents, Shared Services, and Shared Services Search. Assign the SQL login that we are going to use for MOSS as the dbo for these four databases - let's name them as "SharePoint_Config", "SharePoint_AdminContent", "SharedServices_DB" and "SharedServicesSearch_DB".


Now fire up the command line console and use the following command (from the 12 hive* folder, "bin"):
*12 hive being the %programfiles%\common files\blah blah blah\12 - you get the idea.

PSConfig -cmd -configdb -create -server database_servername -database SharePoint_Config -user domain/username -password password
-dbuser sharepoint_login_username -dbpassword sharepoint_login_password -admincontentdatabase SharePoint_AdminContent


The arguments for:


server - this would be your SQL Database Server's Instance name
database - the database name for SharePoint's configuration (we name it SharePoint_Config here)
user - the windows account used as the server farm's administrator account
dbuser - the SQL login account to connect to the database
admincontentdatabase - the database name for SharePoint's Central Administration site (SharePoint_AdminContent)


Most importantly here are the dbuser and dbuserpassword arguments. These are not available from the configuration wizard UI.


Running the PSConfig command:



Now, we are ready to resume the configuration wizard. Re-start the wizard from the start menu (Start -> Programs -> Office Server -> SharePoint Configuration Wizard...). The configuration wizard is smart enough to detect that we already have the configuration database created:



Unless we want to recreate the databases again, choose not to disconnect from the server farm. Follow the wizard on as per usual installation. Now when it comes to configuring the farm's services, we can easily configure it to use SQL Authentication:


Ditto for every subsequent content databases that the wizard will need to create for every site in our Farm. Now when it comes to setting up the SSP, simply point the database to the ones that were manually created earlier, and supply the SQL Authentication credentials as well.


So, it's actually possible, and quite easy in fact (once you have figured out the command parameters!) to deploy MOSS that connects to SQL using SQL logins! One BIG caveat with this though: We will be limited to ONLY ONE topology, which is 1 MOSS box, and 1 SQL box. That's it - no farms. Not scalable, but not impossible either.

Comments (24)
  1. Erwan.lancien says:

    Hi,

    Good job, it’s really simple indeed. But What about a second front end web server in the farm ? I try the same procedure with the "-cmd -connect" but it does’nt work. I always have the same message "User parameter specified … not valid". User shoulb be local or global domain account.

    Any idea ?

  2. msellman@realtheory.com says:

    On the other servers in the farm you’ll need to use the connect switch with the following parameters …

    PSConfig -cmd -configdb -connect -server database_servername -database SharePoint_Config -user domain/username -password password

    -dbuser sharepoint_login_username -dbpassword sharepoint_login_password

  3. adandrea says:

    Quick clarification.

    When you say this will work for WFE does this include WFE servers not in the same domain as the server farm? I have a separate non-trusted domain where I’m trying to run a WFE that I need to connect/join to the Server Farm in the other domain.

    I’ve tested and a SQL connection to the database with the -dbuser account connects to the db just fine, but when I run your command to connect the WFE, I’m getting an error with the -user parameter.

    It’s suggesting I should be using the other domain’s server farm account to access the database or join the server farm. Again as the domains are un-trusted the -user account doesn’t exist in the WFE server‘s domain.

    I thought the whole point here was to be able to connect independent of domain / shared account and use SQL accounts alone.

    What am I missing?

  4. fooshen says:

    Hi Adandrea,

    You would need to use the local workgroup account’s credential for the -user parameter in this scenario. Let me know how it works out for you. Cheers!

  5. amermarji says:

    Can you provide more clarifications on how to install the SSP. Do I have to install the SSP using the command line tool or can it be done from the Central Admin UI. I was able to create the WebApp that will host the SSP but when i Create the SSP i get the following error:

    "The current process identity does not have the required permissions to manage security on database server ‘SQL Server’."

    Its probably complaining about the SSp Service Credentials because this account does not have Security Admin rights on the SQL server and can not since its not on a domain.

  6. JohnGT says:

    I’m stuck on the same problem as Adandrea.

    When I try to add a new server using a local user (even with the same uid/pw) I get an error saying I must use the same user as the original server or a new DB.

    When I try to add the new server with the username from the other server (like the error states), I get an error saying I must use a local account or a domain account.

    I’m stuck. Any advice would be helpful. Thanks!

  7. jrspence says:

    I have a database server and a wss web server both in a work group.  I follow the step above and have the first wss server and db machine talking, but when I go to connect the 2nd web server in the farm.  I get the following:

    The user parameter specified with the configdb is invalid.

    The username entered must be the same as the database access account for the server farm you wish to join.  Either choose STSVQBC1SharePointConfigUser as the username or choose a differnet database name.

    When I switch to use the STSVQBC1SharePointConfigUser (which was the local user on the first web farm box) I get the following:

    The user parameter specified with the configdb is invalid.  The account must be a local account or a global domain account.

    Any ideas on how I get around this to add the second front end to the farm?  

  8. uerzu says:

    Hi,

    I have used the psconfig command to set up MOSS instances on database servers in the same AD-Domain and it worked just fine.

    But now I have a database server in a domain different to the domain of my WFE. I tried to use the -dbuser and -dbpassword parameters with psconfig (as you described) in order to set up MOSS with SQL authentication. But I keep getting an error:

    The -dbuser command is invalid.

    Any idea?

  9. p.o says:

    Hi

    I’m trying to install project 2007 but during setup I’ve got error message that first taks is completed but second is not

    This is a piece of my log:

    07/23/2007 21:20:45  1  INF            Resource id to be retrieved is ConfigurationDatabaseTaskCreateFailConfigDisplayLabel for language English (United States)

    07/23/2007 21:20:45  1  INF            Resource retrieved id ConfigurationDatabaseTaskCreateFailConfigDisplayLabel is Failed to create the configuration database.

    07/23/2007 21:20:45  1  INF          Leaving function StringResourceManager.GetResourceString

    07/23/2007 21:20:45  1  ERR          Failed to create the configuration database.

    An exception of type System.Security.Principal.IdentityNotMappedException was thrown.  Additional exception information: Some or all identity references could not be translated.

    System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.

      at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)

      at System.Security.Principal.NTAccount.Translate(Type targetType)

      at Microsoft.SharePoint.Administration.SPProcessIdentity.GetMachineRelativeSecurityIdentifier(SPServer server, Boolean& isMachineAccount)

      at Microsoft.SharePoint.Administration.SPProcessIdentity.GrantIdentityDatabaseAccess()

      at Microsoft.SharePoint.Administration.SPProcessIdentity.Update()

      at Microsoft.SharePoint.Administration.SPWindowsService.Update()

      at Microsoft.SharePoint.Administration.SPFarm.CreateBasicServices(SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)

      at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)

      at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, String farmUser, SecureString farmPassword)

      at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()

      at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()

      at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

    Any Idea ?

  10. Dineshkst says:

    I tried to join second WFE. It rejects the user parameter of both local(svr2id1) & the first WFE ids(svr1id1).If I use local id, since the config DB contains different id, it rejects it. If I use the first WFE’s id, the log file shows that it tries to get SID for the first WFE account on the current server & fails.

    Unless Microsoft gives some workaround for this, it’s not going to work I guess.

  11. skdigital says:

    I have WFE on Windows 2003 server and created config DB (same name as example here) on SQL 2005 on Windows Vista. Both machines are on same workgroup. When I run the following PSConfig command from Windows 2003 machine

    (WFE),

    C:Program FilesCommon FilesMicrosoft Sharedweb server extensions12BIN>PSCo

    nfig -cmd -configdb -create -server VistaSQL -database SharePoint_Config -user VistaSQL/admin -password mypassword -dbuser testsharepoint -dbpassword testpassword -admincontentdatabase SharePoint_AdminContent

    it gives me this error.

    The user parameter specified with the configdb command is invalid.

    The username is invalid.  The account must be a local account or a global domain account.

    What am I missing? Thanks.

  12. DaveMoss says:

    fooshen! Great blog. Have you or anyone tried running full backup of MOSS farm using STSADM?

  13. tjp says:

    This is fantastic information but I think I am missing something somewhere along the line.

    I set everything up and now am ready to setup and start the SSP, trouble is I seem to need an indexer to do that.  Then I try to set up the search stuff on the server it fails out; presumably because the user I allocate to the search doesn’t have access to the datbase.

    Any ideas?

  14. sreejukg@hotmail.com says:

    Is anybody succeeds in adding wfe to the farm using the command line argument

    if so please help

  15. plug says:

    Hello,

    I used local workgroup account’s credential, but it doesn’t work. I received the following error: "The username entered must be the same as the database access account for the server farm you wish to join. Either choose <myfirstserver><myaccount> as the username or choose a different database name". I have the same account… but I’m on the second server… Do you know a workaround ?

  16. ahudson says:

    I’ve the same problem as Adandrea we have a WFE on one side of a DMZ to the SQL server, but when we try to connect with the "-cmd -connect" it does’nt work. We get the User should be local or global domain account.

    I have tried this with using -user set up as a domain account and a local account but it does not want to work.

    Is it possible?

  17. First off thanks for posting this.  Second, this is just nuts. why would they assume you are going to install sharepoint databases on the local machine and not give you the options?

    I would help there Social Services install for 44 000,$ has this feature without me doing a 6 command line install.

    is this linux or windows?

    Mike

  18. jmarin says:

    Hi I’m trying to use this workaround to connect SharePoint Services 3.0 to my SQL 2000 server. I followed the instructions you provided and keep getting the following error:

    The server parameter specified with the configdb command is invalid.

    Failed to connect to the database server or the database name does not exist.  Ensure the database server exists, is a Sql server, and that you have the appropriate permissions to access the database server.  To diagnose the problem, review the extended error information located at C:Program FilesCommon FilesMicroso

    ft SharedWeb Server Extensions12LOGSPSCDiagnostics_12_27_2007_16_28_44_625_1

    828696129.log.  Please consult the SharePoint Products and Technologies Configuration Wizard help for additional information regarding database server security configuration and network access.

    I was entering the IP address of the SQL server in the following format: x.x.x.x,port I also tried x.x.x.x:port

    I have SQL listening on a different port than 1433 for security reasons. Should I be using a different format or something? I’d love some help with this.

  19. shaikh_intekhab@hotmail.com says:

    I tried to add second server as mentioned.

    But i get the error

    The user parameter specified with the configdb command is invalid.

    The username is invalid.  The account must be a local account or a global domain

    account.

  20. fooshen says:

    Hi all,

    First off, thanks for all the comments (i did not realize that I had the comment approval turned on, and did not check that there are quite a number of unpublished comments!).

    I guess there are some confusion around this post, which after some trial and error (in fact, it has been documented on MS Technet) – this method can only support 1 WFE to 1 DB. The SSP has to sit on the same WFE as well. So we can’t put in more than 1 box for MOSS. Bummer for now.

  21. SAPA IT Guy says:

    Thanks for this tutorial! Something that I got stuck on was teh fact that all the Sharepoint documentation tells you to install SP on all servers before configuring your sites. I got that stuck in my head.

    I got this to work by simply using the WFE as the one and only SP server.

    1- I installed SP and didn’t automatically configure the server after install.

    2- I ran the cmd script above on the WFE, pointing it to a separate DB server.

    3- Ran the config wizard from the WFE.

    Worked great. No problems at all after a day of fighting with trying to install SP on the WFE AND the DB server. The above worked only when installing on the WFE and running all the configs with the local WFE user.

    Thanks for all the help and hoepfully this will help others not make the same mistake I did.

  22. florian_b says:

    Hey,

    great article…maybe you can help me a little bit…when i try to start the ssp i get the error “Server not joined to a farm”…the german original error is “Dieser Server ist nicht mit einer Farm verbunden”…

    I do not understand, because i ran psconfig and connected to the farm…the second interesting thing is that in central administration there´s only one server in the farm mentioned…the databaseserver…

    maybe you got a hint…

    regards

    florian

  23. Joseph Davis says:

    SharePoint without AD and clean database names and FBA

  24. Ca fait un petit moment qu’avec plusieurs autres SharePointeurs, on discute de la meilleure configuration

Comments are closed.

Skip to main content