Can we connect IDM to VIP of Active Directory for provisioning
Article ID: 130956
Updated On:
Products
CA Identity Manager
CA Identity Governance
CA Identity Portal
Issue/Introduction
Can we connect IDM to the VIP of Active Directory for provisioning.?
Initially we were connected to individual DC(s) (Domain Controllers.
We need to understand what would be best, either VIP or DC.
Can we connect IDM to the VIP of Active Directory for provisioning.?
Initially we were connected to individual DC(s) (Domain Controllers.
We need to understand what would be best, either VIP or DC.
Initially we were connected to individual DC(s) (Domain Controllers.
We need to understand what would be best, either VIP or DC.
Can we connect IDM to the VIP of Active Directory for provisioning.?
Initially we were connected to individual DC(s) (Domain Controllers.
We need to understand what would be best, either VIP or DC.
Environment
Release:
Component: IDSVA
Component: IDSVA
Resolution
When configuring Active Directory endpoints, specify the AD domain controller address, not the VIP.
When creating AD Accounts, it is multi-step process (i.e. create account, set pwd, set useraccountcontrol, set groups, set other attr, create mailbox).
What happens if the requests get spread out to different DCs, is that you can
end up with replication latency and collision objects.
The AD Connector provides a failover list of DCs so you should just point to DCs and have the backup DC list.
When creating AD Accounts, it is multi-step process (i.e. create account, set pwd, set useraccountcontrol, set groups, set other attr, create mailbox).
What happens if the requests get spread out to different DCs, is that you can
end up with replication latency and collision objects.
The AD Connector provides a failover list of DCs so you should just point to DCs and have the backup DC list.
Feedback
Yes
No
Powered by
