2.2 Deploying the Multi-Domain Active Directory Driver

The Multi-Domain Active Directory driver shim must run on one of the supported Windows platforms. You can install the Multi-Domain Active Directory driver on either the domain controller or a member server. NetIQ recommends that you install the driver on a Windows member server to benefit from the driver failover capability. If the driver is installed on a domain controller, failover for the hosted domain is not supported.

You can run the Multi-Domain Active Directory driver only as an application or as a service.

Before you start the driver installation, determine where you want to install the driver.

2.2.1 Remote Installation on Windows and Other Platforms

In a remote installation, you can install the .NET Remote Loader and the driver shim on the Active Directory domain controller, and install the Identity Vault and the Identity Manager engine on a separate server.

Figure 2-1 Remote Loader and Driver on the Domain Controller

This configuration is attractive if the Identity Vault and the Identity Manager engine are installed on a platform other than one of the supported versions of Windows.

Both types of remote installations eliminate the performance impact of hosting the Identity Vault and the Identity Manager engine on the domain controller.

2.2.2 Remote Installation on a Windows Member Server

NetIQ recommends that you use a three-server configuration. This configuration ensures the driver failover capability for the Multi-Domain Active Directory driver.

Figure 2-2 Remote Loader and Driver on a Windows Server

In this figure, the two Windows servers are member servers of the domain.