Basics for managing Authentication Services during a domain migration. (4267762)

NOTE: Domain Migrations tend to be complex and the exact steps required can change depending on the plan being executed in a specific environment. For assistance planning or for specifics for your environment it is strongly recommended that Professional Services be engaged for consultation. To engage Professional Services please contact your Account Representative or this location.

RESOLUTION: The initial consideration for ensuring users are able to login in is to successfully setup and configure Authentication Services for use in a two way trust environment. Typically a domain migration will use a two way trust model.

If a one way trust setup will be used this knowledge base article will be useful.

One Way Trust Configuration

For Two Way trust configurations a typical setup can be seen in the following articles. The first contains a demonstration video.

Two Way Trust Setup Video

Two Way Trust Setup Document

These configurations should be sufficient to ensure that a user account in either domain can authenticate to the host in question. Additional considerations would be concerning identities and authentication order. For example if we have domain exampleA and domain exampleB you may want to specify which domain is authenticated first in the case of a duplicate username.

The vas.conf setting ‘alt-auth-realms’ can be used to manage which domain is given preference. In the below example if user1 existed in both domains then the account in exampleA.com would be authenticated first.

[vasd]

alt-auth-realms = exampleA.com,example.com

Alternatively you can use override entries to change the settings for users in a specific domain. Information on override options can be seen here in our documentation.

Override Information