Hi all, Can I have my Integrity/MKS environment authenticate against multiple domains?
Hello Marshall,
This functionality is covered by CS84458. Contact PTC Integrity Lifecycle Management Support to add your organization to this enhancement request.
This use case used to be addressed on XP or Windows Server 2003 by using Microsoft Windows Active Directory Application Mode (ADAM), which was described here
(link no longer works): http://www.microsoft.com/windowsserver2003/adam/default.mspx
On Windows Server 2008, ADAM has been replaced by AD LDS (Active Directory Lightweight Directory Service), which is described here:
http://technet.microsoft.com/en-us/library/cc732019.aspx
For a description, see:
http://technet.microsoft.com/en-us/library/cc754361(v=ws.10).aspx
Regards,
Kael
Thanks Kael, I'll take a closer look at LDS and see if it's an option, maybe even for some other apps with the same issue.
If by multiple domains you mean multiple child domains, then yes this is possible. For example, if you have a top-level Active Directory forest of company.com and the following child domains:
Integrity can be configured to follow referrals between the child domains under company.com using enumeration in security.properties.
For more details on enumeration, see the Integrity Server Administration Guide.
If you want to authenticate against multiple top-level forests (company.com and otherdomain.com) then you would have to implement an AD aggregator like ADAM as Kael mentioned.
Hi Joe, unfortunately this involves two completely separate forests as we were acquired by a larger company recently.
All of our current MKS/Integrity/Implementer users authenticate to our existing AD domain but we're graduating applications and systems toward the new (to us) parent company's AD domain which also uses its own ticket/change management system different than PTC.
So I'm not really sure what the plan will be going forward... continue to use PTC or swap over to theirs, SCCM if I'm not mistaken.
But for now, the easiest thing to do with a new user is create them an account in the old/existing domain but not sure how long I'll be able to do that....
Thanks for the contributions!!
Marshall,
Your life will be much easier when you do have to migrate to the new domain if you can ensure that the user IDs are the same between the old and new domain (well, the part before the domain, specifically). CS156619 looks like it covers some of the considerations of moving to a new domain, including LDAP.
Regards,
Kael