Setup of DomainService for TechIDManager

This document describes how to setup the DomainService that runs on each domain (or workstation in a workgroup) to create and manage identities for technicians.

The DomainService should only be installed on one (1) DC in a domain, usually the primary DC. 

The DomainService should be installed with “local” commandline argument on all windows machines where you want to make local admin accounts for techs. 

Definitions:

Target Machine – Domain Controller, or a machine, where identities will be managed

Client ID – Guid assigned by RuffianSoftware in the form XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX where X is an alphanumeric character. If you don’t have one yet Request a Client ID. The same Client ID should be used everywhere you install a DomainService, TechIDManager.AzureAD, or TechClient.

DomainService.zip – File with all the required executable parts of the DomainService downloaded from the RuffianSoftware webpage for the DomainService. 

Install Folder – Folder on the Target Machine where all the domain service files will reside. By convention this is c:\Program Files\RuffianSoftware.

 

Steps:

  1. Copy all DomainService.zip to the Install Folder on the Target Machine. Extract the contents of DomainService.zip
  2. From an administrative commandline in the Install Folder run the following command. This can be scripted from most RMMs also.

DomainService.exe install
DomainService.exe clientguid {ClientID}
DomainService.exe … other options
DomainService.exe start

  1. Don’t put the brackets {}, and don’t worry, the DomainService command line can be rerun at any time to change or add names and other options.
  2. Replace {Client ID} with the Guid assigned from RuffianSoftware
    1. You use the same ClientID for all installs.
  3. More commandline options are available from the commandline with “DomainService.exe help” and by reading below.
  4. The command should finish with something about success like this:

At this point the domain will be assigned to the “All Domains” domain group in the Management Console and any techs and rights assigned with “All Domains” in a DomainTechRights group will be created.

In general, DomainService.exe is run to set options that are used by the service later when it runs. Options can be set on separate lines to ease scripting and installing. The complete command line help can be seen from the command line with “DomainService.exe help“. 

The options listed on this page are for the most recent version of DomainService.exe. Some older versions don’t support all these options. All options are of the format ABC or XYZ value where ABC is an option to set with no additional parameters and XYZ requires an additional commandline parameter value. See “start” and “clientguid” above. 

  • help – Show this helpful output
  • show – show all options that are set. 
  • install – Install the RuffianDomainService
  • uninstall – Uninstall the RuffianDomainService
  • start – start the RuffianDomainService (same as “net start RuffianDomainService”)
  • stop – stop the RuffianDomainService (same as “net stop RuffianDomainService”)
  • update – shortcut for the commandline: stop uninstall install start. See update documentation for how to do this. 
  • JustInTime – (version 4.0 and newer) make all accounts controlled by this instance be Just-In-Time accounts 
  • Managed – (version 4.050 and newer) make all the accounts controlled by this instance be managed accounts (this is the default) 
  • clientguid value – Specify the ClientGuid to use when accessing the Management Console
  • domainguid value – Specify the DomainGuid to use when accessing the Management Console (This is unique to each domain, and should ONLY be set when migrating a domain controller)
  • OU value – Specify the OU to create tech accounts in the form x.y.z… where x is the top level OU, and y is a child OU of X, and Z is a child OU of Y, etc… (use “reset” to return to default value) https://ruffiansoftware.com/ad-ou-feature-in-domainservice-piece-of-techidmanger
  • domain value – (version 4.073 and newer) Specify the “Alternate UPN Suffix” to use when creating techs’ users. This only needs to be specified if you have alternate UPN suffixes setup on a DC and want to use one of those to create techs’ users. 
  • friendlyname value – Specify a searchable string for use in the TechClient that is specific to this domain or machine
  • rmmname value – Specify a searchable string for use in the TechClient that is specific to this domain or machine (This is NOT the name of the RMM used on this machine)
  • force – Run once in this context and exit (for testing only – do not use without explicit direction to do so from Ruffian Software)
  • displayname value – Specify the format used to set the Display Name in AD for managed tech accounts (use “reset” to return to default value) https://ruffiansoftware.com/username-feature-in-domainservice-piece-of-techidmanger 
  • username value – Specify the format used to make the UserName for managed tech accounts (use “reset” to return to default value) https://ruffiansoftware.com/username-feature-in-domainservice-piece-of-techidmanger
  • accountdescription value – Specify the format used to set the Account Description in AD for managed tech accounts (use “reset” to return to default value) https://ruffiansoftware.com/username-feature-in-domainservice-piece-of-techidmanger
  • phone value – Specify the format used to set the phone number in AD for managed tech accounts (use “{blank}” to not set the phone number)
  • email value – Specify the format used to set the phone number in AD for managed tech accounts (use “{blank}” to not set the email)
  • loglevel value – Specify the loglevel used to 0 (less) to 10 (more)
  • cmdline – run continually as if running as the service (for testing only – do not use without explicit direction to do so from Ruffian Software)
  • gui – show a graphical user interface for setting options
  • local – make local accounts on this machine
  • nonlocal – make domain accounts on this domain controller (local and nonlocal are mutually exclusive options
  • hideonloginscreen – prevent techs’ local accounts from showing on the windows login screen. If using this option on a non-domain joined machine for local accounts read Login Screen Changes.
  • showonloginscreen – show techs’ local accounts on the windows login screen
  • HourToRun value – 24 hour based hour in which runtime changes passwords (default is 0). This can be a comma separated list of hours to run in (i.e.  “0,9,18” will at midnight, 9 am, and 6 pm). 
  • RunAfterMiss – If the HourToRun window is missed, then run as soon as the machine is capable.
  • RunInWindow – Only run during the HourToRun window. Don’t run at other times (this is the default). 
  • forceshortnames – force the use of user names with length no more than 20 character
  • allowlongnames – allow the use of user names with any length (this is the default behavior)
  • passwordlength value – override management console password length setting for just this domain (range is 8-128) (use “reset” to return to using management console value)
  • version – print out the version of this DomainService.exe
  • host value – specify the address of the CentralHost if using self-hosted TechIDManager (normally left blank)

  • InstallLAMS – Install the LAMS only portion of DomainService, and do not run the default unique account instance of DomainService. 
  • SharedUser name – Create a shared user instance of DomainService and control the password for the name user. This will show up as an agent with the MachineName\name in the Management Console. All options after this on the command line apply only to this named instance. 
  • Instance name – Create a unique account control instance of the DomainService. This can be used to control the username formatting for a subset of techs in a co-managed setup. This will show up as an agent with the MachineName\name in the Management Console. All options after this on the command line apply only to this named instance. 
  • RemoveInstance name – Remove the instance with the given name
  • RemoveSharedUser name – Remove the shared user instance with the given name
  • DoNotRun – Cause the current instance (as specified earlier on the commandline) to not be scanned. This leaves all the data intact for the instance and it can be set to run later with “DoRun”
  • DoRun – Cause the current instance (as specified earlier on the commandline) to be scanned. This is the default for all instances that are created. 

1 thought on “Setup of DomainService for TechIDManager”

Comments are closed.