ArcGIS Server 10.1 with Forest with Multiple Domains

JoseSousa · ‎08-15-2012

Hi,

Is it possible to configure ArcGIS Server for 10.1 with AD authentication in a organization with a forest made of multiple domains?
If so, is there any help guide on how to accomplish that?

Thanks,
Jose

BubbaHey · ‎08-16-2012

I've never done it, but here are some links that may help:

http://support.esri.com/en/knowledgebase/whitepapers/view/productid/194/metaid/1896

http://resources.arcgis.com/en/help/main/10.1/index.html#//0154000005qz000000

http://resources.arcgis.com/en/help/main/10.1/index.html#//0154000005n9000000

JoseSousa · ‎08-16-2012

Hi Bubba,

I am not interested in allowing the setups to become available to the several domains in the forest. I just want AGS Manager 10.1 to stablish a connection with the entire forest and retrieve their users and groups to enable AD security not just those ones of a particular domain.

Regards,
Jose

JoseSousa · ‎08-16-2012

Done.

Could solve it at the DB level but have done it creating a superstructure hosting all the users and groups from multiple domains.

Regards,
Jose

Esri_Sverige_SupportSweden · ‎09-26-2012

Done.

Could solve it at the DB level but have done it creating a superstructure hosting all the users and groups from multiple domains.

Regards,
Jose

Hi Jose,

Think you could explain a bit more how you did that?

Regards, Tony

JoseSousa · ‎09-28-2012

Hi Tony,

Unfortunately ArcGIS Server does not seem to support a forest with multiple domains (unless there is a workaround that I am not aware).

I suggest you have a talk with the System Administrator to create a nested group and load all domains to that group. You will require an account of a member that can see them all. That account is then used in ArcGIS Server Manager for accessing the nested group.

Regards,
Jose

JoshuaDalton · ‎08-13-2014

Jose, I'm not a domain admin, and I'm not sure how this nested group you mention would be configured. Do you recall how you laid this out and can you explain further?

Esri_Sverige_SupportSweden · ‎10-01-2012

Hi Jose,

Ah alright, thanks for the info!

Regards, Tony

MuryadiOey · ‎10-30-2012

Hi Tony,

Unfortunately ArcGIS Server does not seem to support a forest with multiple domains (unless there is a workaround that I am not aware).

I suggest you have a talk with the System Administrator to create a nested group and load all domains to that group. You will require an account of a member that can see them all. That account is then used in ArcGIS Server Manager for accessing the nested group.

Regards,
Jose

I don't think it works as nested. I tried to add domain local group into Administrator role type, it didn't work. It didn't populate Role Members if you add a domain local group. but it works if it is global group. (all in Windows)

JustinRodriguez · ‎03-11-2013

I don't think it works as nested. I tried to add domain local group into Administrator role type, it didn't work. It didn't populate Role Members if you add a domain local group. but it works if it is global group. (all in Windows)

You can make this work, but the solutions are NOT SUPPORTED by ESRI.

1. For Domains that are 2003 and before, Microsoft ADAM
2. For Domains that are 2008 and above, ADAM is called ADLDS

3. For LDAP users, you can create a new LDAP, Sync all of the users from your other LDAP Servers, and then point to the New LDAP ser for Authentication.

There might be others, but these are the ones that I know about. The reason these aren't supported is that they are too heavy into Domain/LDAP Administration. Also, no one from ESRI has officially tested these, so there could be some unexpected results, but from what I have seen it seems to work without issue.