Setup of DomainService for TechIDManager

This document describes how to set up the DomainService that runs on each domain (or workstation in a workgroup) to create and manage identities for technicians.

The DomainService should only be installed on one (1) DC in a domain, usually the primary DC. 

The DomainService should be installed with the “local” command-line argument on all Windows machines where you want to make local admin accounts for techs.

Definitions:

Target Machine – Domain Controller, or a machine, where identities will be managed

Client ID – Guid assigned by RuffianSoftware in the form XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX where X is an alphanumeric character. If you don’t have one yet, request a Client ID. The same Client ID should be used everywhere you install a DomainService, TechIDManager.AzureAD, or TechClient.

DomainService.zip – File with all the required executable parts of the DomainService downloaded from the RuffianSoftware webpage for the DomainService. 

Install Folder – Folder on the Target Machine where all the domain service files will reside. By convention this is c:\Program Files\RuffianSoftware.

 

Steps:

  1. Copy DomainService.zip to the Install Folder on the Target Machine. Extract the contents of DomainService.zip.
  2. From an administrative command line in the Install Folder, run the following commands. This can also be scripted from most RMMs.

DomainService.exe install
DomainService.exe clientguid {ClientID}
DomainService.exe … other options
DomainService.exe start

  1. Don’t type the brackets {}. The DomainService command line can be rerun at any time to change or add names and other options.
  2. Replace {ClientID} with the Guid assigned by RuffianSoftware.
    1. Use the same Client ID for all installs.
  3. More command-line options are available by running “DomainService.exe help” and by reading below.
  4. The command should finish with something about success like this:

At this point the domain will be assigned to the “All Domains” domain group in the Management Console and any techs and rights assigned with “All Domains” in a DomainTechRights group will be created.

 

In general, DomainService.exe can be run to set options that are used by the service later when it runs. Options can be set on separate lines to ease scripting and installing. The complete command-line help can be seen from the command line with “DomainService.exe help”.
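
The install steps above as a script an RMM could run; this is an added example, not RuffianSoftware's code. The parameter names, the $ZipPath location and stopping on a non-zero exit code are assumptions (the page does not document DomainService.exe exit codes).

```powershell
# Added example, not vendor code. Parameter names are hypothetical.
param(
    [Parameter(Mandatory)] [string] $ClientId,   # Client ID assigned by RuffianSoftware
    [Parameter(Mandatory)] [string] $ZipPath,    # where the RMM dropped DomainService.zip (assumed)
    [string] $InstallFolder = 'C:\Program Files\RuffianSoftware',
    [switch] $Local                              # set on machines that get local accounts; omit on the DC
)
$ErrorActionPreference = 'Stop'

# Reject anything not in the documented XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX form,
# including a value still wrapped in the {} placeholder brackets.
if ($ClientId -notmatch '^[0-9A-Za-z]{8}(-[0-9A-Za-z]{4}){3}-[0-9A-Za-z]{12}$') {
    throw 'Client ID is not in the expected form (do not include the {} brackets).'
}

# The steps call for an administrative command line, so refuse to run unelevated.
$me = [Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an administrative session.'
}

New-Item -ItemType Directory -Path $InstallFolder -Force | Out-Null
Expand-Archive -LiteralPath $ZipPath -DestinationPath $InstallFolder -Force
$exe = Join-Path $InstallFolder 'DomainService.exe'

# One option per invocation, as the page allows. Treating a non-zero exit code
# as failure is an assumption; the page does not document exit codes.
function Invoke-DomainService {
    param([string[]] $Arguments)
    & $exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "DomainService.exe $($Arguments -join ' ') exited with $LASTEXITCODE"
    }
}

Invoke-DomainService @('install')
Invoke-DomainService @('clientguid', $ClientId)
if ($Local) { Invoke-DomainService @('local') }  # local and nonlocal are mutually exclusive
Invoke-DomainService @('start')
Invoke-DomainService @('show')                   # record the options now in effect in the job log
```

Because the same Client ID is used for every install, pass it in from the RMM's protected variable store rather than hard-coding it in the script body.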

The options listed on this page are for the most recent version of DomainService.exe. Some older versions don’t support all these options. All options are of the format ABC or XYZ value where ABC is an option to set with no additional parameters and XYZ requires an additional commandline parameter value. See “start” and “clientguid” above. 

  • help – Show this helpful output
  • show – show all options that are set. 
  • install – Install the RuffianDomainService
  • uninstall – Uninstall the RuffianDomainService
  • start – start the RuffianDomainService (same as “net start RuffianDomainService”)
  • stop – stop the RuffianDomainService (same as “net stop RuffianDomainService”)
  • update – shortcut for the commandline: stop uninstall install start
  • clientguid value – Specify the ClientGuid to use when accessing the Management Console
  • domainguid value – Specify the DomainGuid to use when accessing the Management Console (This is unique to each domain, and should ONLY be set when migrating a domain controller)
  • OU value – Specify the OU to create tech accounts in the form x.y.z… where x is the top level OU, y is a child OU of x, and z is a child OU of y, etc… (use “reset” to return to default value) https://ruffiansoftware.com/ad-ou-feature-in-domainservice-piece-of-techidmanger
  • friendlyname value – Specify a searchable string for use in the TechClient that is specific to this domain or machine
  • rmmname value – Specify a searchable string for use in the TechClient that is specific to this domain or machine (This is NOT the name of the RMM used on this machine)
  • force – Run once in this context and exit (for testing only – do not use without explicit direction to do so from Ruffian Software)
  • displayname value – Specify the format used to set the Display Name in AD for managed tech accounts (use “reset” to return to default value) https://ruffiansoftware.com/username-feature-in-domainservice-piece-of-techidmanger 
  • username value – Specify the format used to make the UserName for managed tech accounts (use “reset” to return to default value) https://ruffiansoftware.com/username-feature-in-domainservice-piece-of-techidmanger
  • accountdescription value – Specify the format used to set the Account Description in AD for managed tech accounts (use “reset” to return to default value) https://ruffiansoftware.com/username-feature-in-domainservice-piece-of-techidmanger
  • phone value – Specify the format used to set the phone number in AD for managed tech accounts (use “{blank}” to not set the phone number)
  • email value – Specify the format used to set the email address in AD for managed tech accounts (use “{blank}” to not set the email)
  • loglevel value – Specify the log level, from 0 (less) to 10 (more)
  • cmdline – run continually as if running as the service (for testing only – do not use without explicit direction to do so from Ruffian Software)
  • gui – show a graphical user interface for setting options
  • local – make local accounts on this machine
  • nonlocal – make domain accounts on this domain controller (local and nonlocal are mutually exclusive options)
  • hideonloginscreen – prevent techs’ local accounts from showing on the Windows login screen. If using this option on a non-domain joined machine for local accounts read Login Screen Changes.
  • showonloginscreen – show techs’ local accounts on the Windows login screen
  • delaytime value – scan delay for runtime in minutes (default is 45)
  • hourtorun value – hour of the day, on a 24-hour clock, in which the runtime changes passwords (default is 0)
  • forceshortnames – force the use of user names with length no more than 20 characters
  • allowlongnames – allow the use of user names with any length (this is the default behavior)
  • passwordlength value – override management console password length setting for just this domain (range is 8-128) (use “reset” to return to using management console value)
  • version – print out the version of this DomainService.exe
  • host value – specify the address of the CentralHost if using self-hosted TechIDManager (normally left blank)
