8 Replies Latest reply on Feb 26, 2018 9:54 AM by robert.poreba

    NPM authentication with two AD domains

    jamesmohr

      Is it possible to configure NPM to access two different AD domains. We currently have NPM accessing a departmental AD which contains members of the department as well as customers. In the future will are going to move all of the internal user to the company AD. However, we want to maintain the customers in the other domain. That means we need to authenticate against two different domains. Is this possible?

        • Re: NPM authentication with two AD domains
          mbird

          Yes, just add your credentials and make sure the domain networks can both talk to wherever (network/VLAN) your SolarWinds server is.

          • Re: NPM authentication with two AD domains
            ekis

            Yes it is possible. Our company recently created a new domain that's currently working and existing along side the old domain.

            I became flooded with requests to give the new domain users permissions to login to the Orion Web Console.

            I went ahead and tried to add them into SolarWinds via the Manage Accounts page: successful!

            Asked them to try logging into the Orion Web Console with their new domain user account  : successful!

            Users from the old domain : still able to access the Orion Web Console

            So, yes it is possible.

            • Re: NPM authentication with two AD domains
              mlandman

              SolarWinds is domain agnostic. That is why you need a domain qualifier in your login:

              abcd\a.smith

              or

              xyz\b.rubble

              • Re: NPM authentication with two AD domains
                jamesmohr

                Something is obviously wrong somewhere. When I try to create a new Windows individual account I have two options. One is to use the local network service to access the AD, the other is to use an account with "administrative access to Active Directory or local domain accounts". I found an article that says to circumvent this, temporarily deactivate the authentication through the AD. This worked with the domain originally configure (datacenter). If it is active and I try to search for users I get "Value cannot be null. Parameter name: password". When disabled I can search for and then add users.

                 

                When I try to create an account from another domain and the authentication through the AD is active,  I again get the message "Value cannot be null. Parameter name: userName". When I disable authentication through the AD, I "No domain specified.  Please enter search string in the format:  Domain\Username."  In the advanced AD settings I can successfully test the connection.


                However, with the other company AD configured, I can still search for names in the datacenter domain. This indicates to me that SolarWinds can connect (thus the connection test is successful) but is querying the AD improperly.

                • Re: NPM authentication with two AD domains
                  robert.poreba

                  Hi,
                  I'm wondering if this one has every been resolved?
                  ie. can NPM authenticate users using more than one domain or not?