2.2 Deploying the Multi-Domain Active Directory Driver

The Multi-Domain Active Directory driver shim must run on one of the supported Windows platforms. You can install the Multi-Domain Active Directory driver on either the domain controller or a member server. NetIQ recommends that you install the driver on a Windows member server to benefit from the driver failover capability. If the driver is installed on a domain controller, failover for the hosted domain is not supported.

You can run the Multi-Domain Active Directory driver only as an application or as a service.

Before you start the driver installation, determine where you want to install the driver.

2.2.1 Remote Installation on Windows and Other Platforms

You can install the .NET Remote Loader and driver shim on the Active Directory domain controller, and install the Identity Vault and the Identity Manager engine on a separate server.

Figure 2-1 Remote Loader and Driver on the Domain Controller

This configuration is attractive if your Identity Vault and Identity Manager engine installations are on a platform other than one of the supported versions of Windows.

Both types of remote installations eliminate the performance impact of hosting the Identity Vault and the Identity Manager engine on the domain controller.

2.2.2 Remote Installation on a Windows Member Server

NetIQ recommends that you use a three-server configuration. This ensures the driver failover capability for the Multi-Domain Active Directory driver.

Figure 2-2 Remote Loader and Driver on a Windows Server

In this figure, the two Windows servers are member servers of the domain.