E.1 Configuring the Settings for the Multi-Domain Active Directory Driver

You can use the Multi-Domain Active Directory driver editor to accomplish the following tasks:

  • Add forests and configure domain connections for the Multi-Domain Active Directory driver.

  • Configure the driver with multiple domains within the same forest. The editor allows you to select the domains that you want to synchronize with Identity Manager.

  • Configure a Primary Domain Controller (DC) and a list of alternate DCs for each domain.

    If the primary DC fails, the driver tries to establish a connection with the alternate DCs.

E.1.1 Adding Forests to the Multi-Domain Active Directory Driver

You must first add the forests to configure the domain connections.

  1. Open your project in Designer.

  2. From the Palette, drag and drop the Multi-Domain Active Directory driver icon to the desired driver set in the Modeler.

  3. In the Modeler, right-click the driver icon and select Multi-Domain Active Directory Configuration.

    The Multi-Domain Active Directory Configuration Editor displays.

  4. Click the icon to create a forest.

  5. In the Add Forest pop-up window, fill in the following fields:

    • Forest Name: Specify the forest name. Ensure that you specify a logical forest name that is accepted by the Identity Vault.

    • Global Catalog Server: Specify the global catalog server address. You can specify the port number along with the IP address. For example, IP Address:port. The default port for clear text is 3268 and for SSL is 3269.

    • User: Specify the username in LDAP format. For example, CN=name,OU=employee,O=department.

    • Password: Specify the global catalog server password.

    • Secure Connection: Select this option to establish a secure connection with the global catalog server.

  6. Click OK.

    NOTE: This creates a new forest and adds the domains associated with the forest. By default, the root domain is added automatically. Designer displays the domains in the Available Domains list in the Forest Configuration tab.

  7. Repeat step 4 through step 6 to create multiple forests for the Multi-Domain Active Directory driver.
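The following is an added example, not part of the product or its documentation: a pre-entry check of the Add Forest values from step 5. It confirms that the global catalog port matches the Secure Connection choice (using the 3268 and 3269 defaults given above) and that the user is in LDAP format. The dictionary keys and function names are hypothetical, the values are assumed to be transcribed by hand from the dialog, and treating a port and Secure Connection mismatch as a finding is an assumption, because the page does not say how the driver handles it.

```python
import re

# Defaults stated on the page: global catalog clear text 3268, SSL 3269.
GC_CLEAR, GC_SSL = 3268, 3269
# Loose "attr=value,attr=value" check; not a full RFC 4514 DN parser.
DN_RE = re.compile(r"^\s*[A-Za-z][\w-]*=[^,=]+(\s*,\s*[A-Za-z][\w-]*=[^,=]+)*$")


def parse_gc_address(value, secure):
    """Split 'host', 'host:port' or '[IPv6]:port'; apply the default port."""
    value = value.strip()
    m = re.match(r"^\[([^\]]+)\](?::(\d*))?$", value)
    if m:                                   # bracketed IPv6, optional port
        host, port = m.groups()
    elif value.count(":") == 1:             # host:port
        host, _, port = value.partition(":")
    else:                                   # bare host name or bare IPv6
        host, port = value, None
    if not port:
        return host, (GC_SSL if secure else GC_CLEAR)
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"invalid port in {value!r}")
    return host, int(port)


def review_forest(entry):
    """Return findings for one Add Forest entry (hypothetical dict layout)."""
    secure = bool(entry.get("secure_connection"))
    try:
        host, port = parse_gc_address(entry.get("global_catalog_server", ""), secure)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if not secure:
        findings.append(f"{host}:{port}: Secure Connection not selected (clear text)")
    expected = GC_SSL if secure else GC_CLEAR
    if port in (GC_CLEAR, GC_SSL) and port != expected:
        findings.append(f"{host}:{port}: port does not match the Secure Connection setting")
    if not DN_RE.match(entry.get("user", "")):
        findings.append("User is not in LDAP format (attr=value,...)")
    return findings


SAMPLES = [  # constructed sample entries, not taken from any real deployment
    {"global_catalog_server": "192.0.2.10:3269", "secure_connection": True,
     "user": "CN=name,OU=employee,O=department"},
    {"global_catalog_server": "192.0.2.20:3268", "secure_connection": True,
     "user": "svc-idm"},
]
```

An empty list from `review_forest()` means the entry is consistent with the defaults above; it does not test that the server is reachable or that its certificate is trusted.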

E.1.2 Configuring the Domain Connections

After adding the forest, use the following steps to configure the domain connections for each forest.

  1. In the Forest Configuration tab, select a desired domain from the Available Domains and move it to the Selected Domains list.

    The selected domains also display in the Forest tree view.

  2. Select the domain from the Forest tree view and proceed with the domain configuration.

  3. In the Domain Configuration tab, fill in the following fields:

    • Domain: Displays the selected domain name.

    • User: Specify the username.

    • Wait Period: Specify the interval that you want the driver to wait before re-establishing the connection with the next available domain controller during domain discovery failover. The default value is five minutes.

    • Domain Controllers: Specify the domain controller configuration. The options are:

      • Auto Discover: The Multi-Domain Active Directory driver supports automatic DC discovery during driver runtime. Select this option to automatically discover the nearest DCs during driver startup.

      • Configure Manually: Select this option to configure the preferred and secondary domain controllers. To configure manually, select the desired domain controller from the Available DCs list and move it to the Selected DCs list.

    • Exchange-MDB: Select the Exchange mailbox databases (MDBs) that you want to provision to users in this specific domain from the Available Exchange-MDB list and move them to the Selected Exchange-MDB list. You can specify more than one mailbox database.

    • Trace File: Specify the trace file. All the driver traces for this domain will be logged in this specified file. If you leave this field blank, the driver trace will be logged in the default trace file.

    • Trace Level: Specify the trace level.

    • Trace File Size: Specify the size of the trace file.

  4. For the changes to take effect, click Save on the Designer toolbar.

IMPORTANT: After configuring the connection objects, deploy the connection object with the driver to the Identity Vault. After deploying it, link the connection objects to the Subscriber options in the Multi-Domain Active Directory driver configuration page.