Currently we are able to add users/groups from the customer's local domain in the DMS, but we want to also add users/groups from a remote domain.
The local domain is linked to the remote domain via a domain trust, and that is working fine. Users from the remote domain can already log in on Windows level. However, we do not find these users in DMS when we try and add these remote users/groups.
Are there some extra configurations that need to be done on the server in order to get these remote users/groups added in the DMS?
Hi Stacey,
I believe this can be achieved if there is a global catalog available in the multi-domain forest.
You can point DataMiner to this global catalog (which holds the information from all domains in the forest where there is a trust relationship).
Hi, I am working on this topic from the system integrator side.
We do have a bi-directional domain trust relationship configured for the domains as mentioned by Stacey. Users from Domain A (remote) can already be used on systems in Domain B (local) and vice versa. This is the case for OS level login.
Before configuring anything in DataMiner we are able to add users from Domain B (local). After configuring the LDAP setting of Domain A (remote) we are able to add users from Domain A as well, but not from Domain B anymore. Login is then possible for users from both domains.
- How can DataMiner be enabled to add users from Domain B again?
- Are account changes (like password changes, deletion of a user) in both domains also synchronized with DataMiner in this scenario?
- Is there a way to get users from both domains displayed in the "add user" window?
I do not yet fully understand where the difference is between a user logging in on OS level and a user logging in to DataMiner. My understanding is that DataMiner relies on the same Windows authentication mechanism.
You could change the LDAP configuration to point to the remote domain, and import the users in DataMiner that way. After importing them in DataMiner, both users from the local and remote domain should be able to log in using their respective domain account.
I believe this is expected behavior. If you want to receive updates automatically, you’ll have to configure trust relations between the different domains.
We tried changing the LDAP to point to the remote domain, imported the users and then changed back to the previous settings. And now we can log in with the user from the remote domain also.
But I believe that when a change would now happen to that user from the remote domain (e.g. password change), this would not be picked up until we again change the LDAP to point to the remote domain? Could you confirm if this is the case?