Is it possible to configure NPM to access two different AD domains. We currently have NPM accessing a departmental AD which contains members of the department as well as customers. In the future will are going to move all of the internal user to the company AD. However, we want to maintain the customers in the other domain. That means we need to authenticate against two different domains. Is this possible?
Have you reviewed the following KB articles?
These are interesting. I assumed the SolarWinds server simply needed to be "domain joined" and that there had to be a trust between the multiple domains.
It shows what happens when I assume. Uff da!
Something is obviously wrong somewhere. When I try to create a new Windows individual account I have two options. One is to use the local network service to access the AD, the other is to use an account with "administrative access to Active Directory or local domain accounts". I found an article that says to circumvent this, temporarily deactivate the authentication through the AD. This worked with the domain originally configure (datacenter). If it is active and I try to search for users I get "Value cannot be null. Parameter name: password". When disabled I can search for and then add users.
When I try to create an account from another domain and the authentication through the AD is active, I again get the message "Value cannot be null. Parameter name: userName". When I disable authentication through the AD, I "No domain specified. Please enter search string in the format: Domain\Username." In the advanced AD settings I can successfully test the connection.
However, with the other company AD configured, I can still search for names in the datacenter domain. This indicates to me that SolarWinds can connect (thus the connection test is successful) but is querying the AD improperly.
I am now even more confused. According to SolarWinds support "Our current LDAP support implementation allows authenticating users just from single domain. We can authenticate users from multiple domains only via MSAPI." Is everyone here using MSAPI?
Here is how I do it...nothing special...
The account you use below needs admin right to SolarWinds and must be entered with the domain qualifier:
Then go to town...
I just started getting this exact same symptom... trying to figure out why it won't seem to query ad for a user group although the test seems to work. For me it's the same domain the server is joined to... it's not even another domain.
Yes it is possible. Our company recently created a new domain that's currently working and existing along side the old domain.
I became flooded with requests to give the new domain users permissions to login to the Orion Web Console.
I went ahead and tried to add them into SolarWinds via the Manage Accounts page: successful!
Asked them to try logging into the Orion Web Console with their new domain user account : successful!
Users from the old domain : still able to access the Orion Web Console
So, yes it is possible.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.