-
Title
How to configure Active Directory Sites in Password Manager -
Description
How are Active Directory (AD) sites configured and changes propagated in a domain connection -
Resolution
Adding Sites
If there are multiple sites in your Active Directory domain and you want changes that occur in one site to get replicated immediately to other sites then you should specify those sites in the Advanced Settings tab of the Domain Connection.
For example: If you had two sites called Moscow and Dublin. A user in Dublin locks their account. The helpdesk operator in Moscow unlocks the users account but because these happen in two different sites the user in Dublin doesn't see that the account has been unlocked until the changes done in the Moscow site are replicated by AD to the Dublin site. The user has to wait.
However if you add the Dublin site to the Domain Connection/Advanced Settings tab then the change made in Moscow would be immediately replicated to the Dublin site and there would have been no delay for the user.
Propagating Changes.
Once you have decided which sites you want changed replicated to you should then decide what changes you want propagated across the sites.
- Account-Related Changes
Select this option to propagate information about unlocking and enabling user accounts in Active Directory. It is recommended to use this option when a managed domain has users in multiple Active Directory sites.
- Q&A Profile-Related Changes
Select this option to propagate information about editing, locking and unlocking Q&A profile, and passcodes issued by help desk. It is recommended to use this option when users and Password Manager Service use domain controllers from different sites. In this case, if a helpdesk operator assigns a passcode to a user (via the domain controller in one site), and then the user attempts to use the passcode on the Self-Service (via the domain controller in another site), the user may encounter the issue when the information about the passcode has not been replicated yet because of intersite replication latency.
- Password-Related Changes
Select this option to propagate information about changing or resetting user password. For more information
Applying The Changes
If site changes are made to the default domain connection in General Settings > Domain Connections then these changes will be applied everywhere the connection is used.
If however you make the changes to a specific scope in a specific management policy then you have the option of applying those changes to that scope only or else applying it everywhere the connection is used.
If the settings are applied to an individual scope only then that will appear as a new domain connection in General Settings > Domain Connections.
For detailed information on Active Directory Sites please refer to the Password Manager Admin Guide.