Active Directory Service

Active Directory is a central component of the network architecture on certain Windows operating systems. Active Directory provides a directory service specifically designed for distributed networking environments.

This section describes the conceptual steps to configure Pervasive PSQL in an environment that has Microsoft Active Directory service installed and functioning correctly.

Ensure that Active Directory service is installed and functioning correctly before you install Pervasive PSQL into the environment.

Server and Client Support

Pervasive PSQL Server runs on supported Windows Servers within an Active Directory environment. The Pervasive PSQL client runs on all supported Windows platforms within an Active Directory environment.

Directory and File Permissions

The database engines enforce directory and file permissions set at the operating system level. An Active Directory environment does not change this behavior. For example, if you set “read only” permission on a Pervasive PSQL table file, you will be unable to write to the table.

Microsoft Terminal Services Support

Pervasive PSQL Server engines are supported for use with Microsoft Terminal Server running within an Active Directory environment. For more information about Terminal Services, see Terminal Services.

Pervasive Administrative Authority

Active Directory service manages the security of the network. You must grant the correct access authority at the operating system level to users who need Pervasive administrative privileges.

See Active Directory Tasks for the general steps to set access authority. Users must have the following authority on the machine running the database engine:

•

Log on locally

•

Administrator privileges or belong to the Pervasive_Admin group

You can grant the Log on locally authority directly to a user or to the Pervasive_Admin group (and add the user to the group).

You can create the Pervasive_Admin group on the machine running the database engine (the local machine), on the domain controller for the local machine, or on both. The database engine checks privileges first on the domain controller for the local machine then on the local machine.

An example helps illustrate this. Suppose you have two servers in your domain that run the Pervasive PSQL database engine, Server A and Server B. You could create a Pervasive_Admin group on each server and on the domain controller. You then add User 1 to the group on Server A, User 2 to the group on Server B, and User 3 to the group on the domain controller. User 1 has administrative privileges for the database engine only on Server A. Similarly, User 2 has administrative privileges only on Server B. User 3, however, has administrative privileges for the database engines on both Server A and Server B.

If you create the Pervasive_Admin group on a domain controller, then the group must be a domain local group. If you create the Pervasive_Admin group on a machine that is not a domain controller, then the Pervasive_Admin group must be a local group.

Active Directory Tasks

This section explains the conceptual tasks needed to ensure users have Pervasive administrative privileges through the Pervasive_Admin Group. The tasks assume that you are setting privileges on the domain controller for the machine running the database engine. Refer to the operating system documentation for specifics on using Active Directory and groups and users.

Create the Pervasive_Admin Group on the Domain Controller for the desired domain. That is, the domain for the machine running the database engine.

Specify Pervasive_Admin for the Group name.

Set the Group scope to Domain local. Do not use Global or Universal.

Add users to the Pervasive_Admin group, then ensure that the users appear as member of the group.

Add the Pervasive_Admin group to the Log on locally privileges for the desired domain.