0 votes

Hello,

Trying to figure out how I would need to do this: We have a local domain, and a second domain that is on the other side of an unreliable WAN link (very rural location). Would we be better off installing a second copy of Adaxes on the remote domain? And is this ok to do?
We have about 75 users locally and 25 in the remote domain. If I have 100 licenses, can I do this? Or do I need to buy 2 sets of 100 licenses?

Thanks very much,
Jason

by (540 points)

1 Answer

0 votes
by (270k points)
Best answer

Hello,

Would we be better off installing a second copy of Adaxes on the remote domain? And is this ok to do?

It is a general recommendation by Microsoft not to install any 3rd party software on a DC, thus we usually don't recommend installing Adaxes on DCs. However, if you need to install it on a DC, you can do that without any issues. Installation on a DC is supported.

If I have 100 licenses, can I do this? Or do I need to buy 2 sets of 100 licenses?

Having a single license for all instances of Adaxes services requires sharing configuration between them. It is possible if there is a connection between the networks. For information on how to share service configuration, have a look at our Installation Notes: http://www.adaxes.com/resources/InstNot ... structions.

0

Thanks for your response.

Does that mean (like in my example) that if I was at the remote site and the WAN link was down, I could still make changes in Adaxes and those changes would replicate back to the main site once the connection was back up?

Thanks,
Jason

0

Hello Jason,

When performing changes in Active Directory, Adaxes Service connects to the nearest DC available. Thus, if you install an instance of Adaxes Service in the remote site, it will connect to the local DCs and perform the changes there. Then, those changes will be replicated to your main site via normal AD replication.

As to changes in Adaxes configuration, Adaxes uses an instance of AD LDS as its configuration storage server. Adaxes configuration replication is made by means of AD LDS replication. It is very similar to AD DS as they are based on the same engine. Thus, if the link goes down for several minutes or hours, this should not be a huge issue. The only thing we would recommend is to track the AD LDS logs for lingering objects and failed attempts to replicate, the same as you would normally do with AD DS replication.
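
One way to do the log tracking recommended above, as an added example that is not part of the original reply and is not Adaxes code. It assumes that AD LDS instance logs are named `ADAM (<instance>)` and that they use the same replication event IDs as AD DS; the 24-hour window is an arbitrary choice.

```powershell
# Added example: scan AD LDS instance event logs for lingering-object and
# replication-failure events. Run on the server hosting the AD LDS instance.
# Assumption: instance logs are named 'ADAM (<instance>)' and reuse the
# AD DS directory-service event IDs listed below.
$watch = @{
    1388 = 'Lingering object replicated in (loose replication consistency)'
    1988 = 'Lingering object detected, replication blocked (strict consistency)'
    2042 = 'Too long since last replication with partner (tombstone lifetime)'
    1864 = 'Partners have not replicated recently'
    1925 = 'Attempt to establish a replication link failed'
    1311 = 'KCC could not build a complete replication topology'
}
$since = (Get-Date).AddDays(-1)   # look-back window (assumed: 24 hours)

# Discover the instance logs instead of hard-coding an instance name.
$logs = Get-WinEvent -ListLog 'ADAM*' -ErrorAction SilentlyContinue
if (-not $logs) {
    Write-Warning 'No AD LDS (ADAM) event logs found on this host.'
    return
}

$findings = foreach ($log in $logs) {
    $filter = @{
        LogName   = $log.LogName
        Id        = [int[]]@($watch.Keys)
        StartTime = $since
    }
    # Get-WinEvent reports an error when nothing matches; treat that as clean.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Log     = $_.LogName
                EventId = $_.Id
                Meaning = $watch[[int]$_.Id]
                Level   = $_.LevelDisplayName
            }
        }
}

if ($findings) {
    $findings | Sort-Object Time | Format-Table -AutoSize
} else {
    Write-Output "No replication problems logged since $since."
}
```

After a WAN outage, a 2042 or 1988 entry is the one to act on first, since it means a partner stayed disconnected long enough for deleted objects to be at risk of reappearing.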

0

This would be for a second (separate) domain, not a second Domain Controller. 2 domains, one local and one remote.

0

Hello,

Do those domains belong to the same forest? Do they have any trusts between them?

0

They do not have any trust between them and are in different forests; they are completely separate. Part of a business merger, some of that could change in the future but probably not for a while.

Thanks very much,
Jason

0

Hello Jason,

In this case, you will need to purchase a separate license for the second instance of Adaxes service. Also, there will be no possibility for instances of Adaxes service to share their configuration. This means that if you configure anything in one of the 2 instances, like a Business Rule, Security Rule, etc., it will not be copied over to the 2nd instance automatically. You will need to do that manually.

0

Thanks very much for your help.
