Share via

Installing SharePoint without AD?

  • Article

Update: Judging from the comments I've received, no doubt many has tried this path - however it is IMPORTANT to note that this is NOT A SUPPORTED deployment. Using non-domain account for installing and configuring SharePoint will result in ending up with only ONE web server and ONE database - that's it - NO splitting of roles in the WFE, and NO redundency support, and you CAN'T add more servers.  

There has been tons of posts about using Form-based authentication for MOSS (almost all of them are on using the ASP.Net SqlMembership provider). That is really a great improvement over SPS2003. Recently I was helping a customer who had the challenge of deploying MOSS, not just with form-based authentication, but also to deploy SharePoint farm on an SQL server which is not a member of an AD domain.

At first glance, this may not seem possible - the configuration wizard for setting up the configuration database expects a domain account to connect to the database server (workgroup account will work fine if the entire farm is on one single box) - which is not good if we want to use SQL authentication.

Now, here's one of the reason why the SharePoint installation wizard has a checkbox prior to running the configuration wizard:

Right after installation, uncheck this checkbox, or if you did and were halted at the "Specify Configuration Database Settings" page, simply close the wizard. What we need to do now is to go to our SQL Management Studio (or SQL Enterprise Manager for SQL2K), and create four databases manually. Make sure these databases are created with the Latin1_General_CI_AS_KS_WS collation (for the curious, C = Case, A = Accent, K = Kana, W = width, and I/S for Insensitive/Sensitive). These four databases would be: the SharePoint Configuration, SharePoint Admin Contents, Shared Services, and Shared Services Search. Assign the SQL login that we are going to use for MOSS as the dbo for these four databases - let's name them as "SharePoint_Config", "SharePoint_AdminContent", "SharedServices_DB" and "SharedServicesSearch_DB".

Now fire up the command line console and use the following command (from the 12 hive* folder, "bin"):
*12 hive being the %programfiles%\common files\blah blah blah\12 - you get the idea.

PSConfig -cmd -configdb -create -server database_servername -database SharePoint_Config -user domain/username -password password
-dbuser sharepoint_login_username -dbpassword sharepoint_login_password -admincontentdatabase SharePoint_AdminContent

The arguments for:

server - this would be your SQL Database Server's Instance name
database - the database name for SharePoint's configuration (we name it SharePoint_Config here)
user - the windows account used as the server farm's administrator account
dbuser - the SQL login account to connect to the database
admincontentdatabase - the database name for SharePoint's Central Administration site (SharePoint_AdminContent)

Most importantly here are the dbuser and dbuserpassword arguments. These are not available from the configuration wizard UI.

Running the PSConfig command:

Now, we are ready to resume the configuration wizard. Re-start the wizard from the start menu (Start -> Programs -> Office Server -> SharePoint Configuration Wizard...). The configuration wizard is smart enough to detect that we already have the configuration database created:

Unless we want to recreate the databases again, choose not to disconnect from the server farm. Follow the wizard on as per usual installation. Now when it comes to configuring the farm's services, we can easily configure it to use SQL Authentication:

Ditto for every subsequent content databases that the wizard will need to create for every site in our Farm. Now when it comes to setting up the SSP, simply point the database to the ones that were manually created earlier, and supply the SQL Authentication credentials as well.

So, it's actually possible, and quite easy in fact (once you have figured out the command parameters!) to deploy MOSS that connects to SQL using SQL logins! One BIG caveat with this though: We will be limited to ONLY ONE topology, which is 1 MOSS box, and 1 SQL box. That's it - no farms. Not scalable, but not impossible either.

Comments

  • Anonymous
    February 09, 2007
    Hi, Good job, it's really simple indeed. But What about a second front end web server in the farm ? I try the same procedure with the "-cmd -connect" but it does'nt work. I always have the same message "User parameter specified ... not valid". User shoulb be local or global domain account. Any idea ?

  • Anonymous
    February 20, 2007
    On the other servers in the farm you'll need to use the connect switch with the following parameters ... PSConfig -cmd -configdb -connect -server database_servername -database SharePoint_Config -user domain/username -password password -dbuser sharepoint_login_username -dbpassword sharepoint_login_password

  • Anonymous
    April 27, 2007
    Quick clarification. When you say this will work for WFE does this include WFE servers not in the same domain as the server farm? I have a separate non-trusted domain where I'm trying to run a WFE that I need to connect/join to the Server Farm in the other domain. I've tested and a SQL connection to the database with the -dbuser account connects to the db just fine, but when I run your command to connect the WFE, I'm getting an error with the -user parameter. It's suggesting I should be using the other domain's server farm account to access the database or join the server farm. Again as the domains are un-trusted the -user account doesn’t exist in the WFE server‘s domain. I thought the whole point here was to be able to connect independent of domain / shared account and use SQL accounts alone. What am I missing?

  • Anonymous
    April 27, 2007
    Hi Adandrea, You would need to use the local workgroup account's credential for the -user parameter in this scenario. Let me know how it works out for you. Cheers!

  • Anonymous
    May 03, 2007
    The comment has been removed

  • Anonymous
    June 19, 2007
    I'm stuck on the same problem as Adandrea. When I try to add a new server using a local user (even with the same uid/pw) I get an error saying I must use the same user as the original server or a new DB. When I try to add the new server with the username from the other server (like the error states), I get an error saying I must use a local account or a domain account. I'm stuck. Any advice would be helpful. Thanks!

  • Anonymous
    June 21, 2007
    The comment has been removed

  • Anonymous
    July 02, 2007
    The comment has been removed

  • Anonymous
    July 23, 2007
    Hi I'm trying to install project 2007 but during setup I've got error message that first taks is completed but second is not This is a piece of my log: 07/23/2007 21:20:45  1  INF            Resource id to be retrieved is ConfigurationDatabaseTaskCreateFailConfigDisplayLabel for language English (United States) 07/23/2007 21:20:45  1  INF            Resource retrieved id ConfigurationDatabaseTaskCreateFailConfigDisplayLabel is Failed to create the configuration database. 07/23/2007 21:20:45  1  INF          Leaving function StringResourceManager.GetResourceString 07/23/2007 21:20:45  1  ERR          Failed to create the configuration database. An exception of type System.Security.Principal.IdentityNotMappedException was thrown.  Additional exception information: Some or all identity references could not be translated. System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)   at System.Security.Principal.NTAccount.Translate(Type targetType)   at Microsoft.SharePoint.Administration.SPProcessIdentity.GetMachineRelativeSecurityIdentifier(SPServer server, Boolean& isMachineAccount)   at Microsoft.SharePoint.Administration.SPProcessIdentity.GrantIdentityDatabaseAccess()   at Microsoft.SharePoint.Administration.SPProcessIdentity.Update()   at Microsoft.SharePoint.Administration.SPWindowsService.Update()   at Microsoft.SharePoint.Administration.SPFarm.CreateBasicServices(SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)   at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, IdentityType identityType, String farmUser, SecureString farmPassword)   at Microsoft.SharePoint.Administration.SPFarm.Create(SqlConnectionStringBuilder configurationDatabase, SqlConnectionStringBuilder administrationContentDatabase, String farmUser, SecureString farmPassword)   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()   at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()   at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask() Any Idea ?

  • Anonymous
    August 03, 2007
    I tried to join second WFE. It rejects the user parameter of both local(svr2id1) & the first WFE ids(svr1id1).If I use local id, since the config DB contains different id, it rejects it. If I use the first WFE's id, the log file shows that it tries to get SID for the first WFE account on the current server & fails. Unless Microsoft gives some workaround for this, it's not going to work I guess.

  • Anonymous
    August 15, 2007
    The comment has been removed

  • Anonymous
    August 27, 2007
    fooshen! Great blog. Have you or anyone tried running full backup of MOSS farm using STSADM?

  • Anonymous
    October 16, 2007
    The comment has been removed

  • Anonymous
    November 21, 2007
    The comment has been removed

  • Anonymous
    November 28, 2007
    Hello, I used local workgroup account's credential, but it doesn't work. I received the following error: "The username entered must be the same as the database access account for the server farm you wish to join. Either choose <myfirstserver><myaccount> as the username or choose a different database name". I have the same account... but I'm on the second server... Do you know a workaround ?

  • Anonymous
    December 04, 2007
    The comment has been removed

  • Anonymous
    December 18, 2007
    The comment has been removed

  • Anonymous
    December 28, 2007
    The comment has been removed

  • Anonymous
    January 04, 2008
    The comment has been removed

  • Anonymous
    January 04, 2008
    The comment has been removed

  • Anonymous
    March 26, 2008
    The comment has been removed

  • Anonymous
    July 09, 2008
    Hey, great article...maybe you can help me a little bit...when i try to start the ssp i get the error "Server not joined to a farm"...the german original error is "Dieser Server ist nicht mit einer Farm verbunden"... I do not understand, because i ran psconfig and connected to the farm...the second interesting thing is that in central administration there´s only one server in the farm mentioned...the databaseserver... maybe you got a hint... regards florian

  • Anonymous
    August 29, 2008
    SharePoint without AD and clean database names and FBA

  • Anonymous
    October 23, 2008
    Ca fait un petit moment qu'avec plusieurs autres SharePointeurs, on discute de la meilleure configuration