03-18-2020 06:19 PM
One of my customers has been acquired by a much bigger company.
They are in the middle of an AD migration from their old root domain to a new root domain.
Their firewall has an existing AD integration with the old root domain AD, with user mapping and WMI authentication, and users are using it actively. For me to add a new AD integration sitting in a new, different root domain, I need to add user mapping and enter a username and password in WMI authentication. As I don't have an option to add more than one, I am afraid it will overwrite the existing one and impact the active users still connected to the old AD in their old root domain.
Before I ask them to wait until they finish the AD migration to their new root domain, and we clean up the WMI authentication in the firewall for it. We can't add their new AD in the new root domain and run in parallel; can any experts here help me with advice, please? I have logged a ticket with support on the same topic to advise. If I get a response, I will update here in this topic.
03-18-2020 06:55 PM
This is only a limitation of the built-in User-ID agent; if you set up the agent on another Windows machine, the firewall can pull information from two different domains easily.
03-18-2020 07:34 PM
Thanks @BPry. So WMI authentication in user mapping is not really a show stopper to pull the user details from an AD sitting in a different domain; it must be something else because of which I can't pull the user details in group mapping?
03-18-2020 08:09 PM
To verify that what I'm saying was understood: if you want to pull data from two different domains, you would do this by installing the standalone User-ID agent on a Windows server, instead of using the integrated User-ID agent on the firewall. You would simply configure the firewall to connect to these Windows-based User-ID agents and pull the information from these agents.
04-26-2020 09:08 PM
To answer my own question, two ADs with different root domains agentless can be integrated and work fine.