0 votes

Our Adaxes server is currently used to manage only one hybrid domain. We're looking to add a second (AAD / cloud only) managed domain, but our existing Adaxes instance was never configured with that in mind.

When I added the second managed domain as a test, all of our existing roles, business rules, etc. included the new domain in their scope, and our help desk users were able to perform actions against users in the new domain immediately, which we do not want.

It seems like it would take considerable effort to exclude the new domain from all the existing items and retrofit everything to support two managed domains with different requirements (security roles and such).

My thought was that I'd instead take this opportunity to spin up a second server on a trial license, configure Adaxes again from scratch with support for multiple domains in mind, then move our license to the new server when we're ready to cut over.

Is this an allowable use case for a trial license?

Can two independent Adaxes instances manage the same domain (so the new server can be configured without impacting functionality on the existing server)?

Is there a better way to add a second managed domain to our existing server and configure it "behind the scenes" without that domain and its objects being visible to our users immediately?

Thanks.

by (20 points)

1 Answer

0 votes
by (284k points)

Hello,

Is this an allowable use case for a trial license?

Yes, it should work just fine.

Can two independent Adaxes instances manage the same domain (so the new server can be configured without impacting functionality on the existing server)?

Yes, sure. You can have multiple separate instances of Adaxes service managing the same domain and not impacting each other.

Is there a better way to add a second managed domain to our existing server and configure it "behind the scenes" without that domain and its objects being visible to our users immediately?

The two approaches you mentioned are the only ones. There is just no other way except for adjusting the corresponding scopes. At the same time, rather than starting from scratch on the new server, you can back up/restore your configuration, remove all the scopes and assignments from Adaxes configuration objects (security roles, business rules, etc.) and proceed with configuring them according to multiple domains management.

0

Will restoring server 2 from server 1's backup interfere with server 1's license, or will server 2 still have a trial license for 30 days after the restore?

0

Hello,

Licenses are not included in Adaxes backups. As such, the restore will not have any influence on the corresponding Adaxes instance licensing.

0

Thanks.

Assuming we go this route and server 1 continues to be used while server 2 is being configured, would there be any way to migrate records of actions/approvals that occurred on server 1 between when the backup was taken and when we cutover to using server 2? Or would we be stuck with that gap in our logs?

0

Hello,

Unfortunately, there is no way to transfer log records without a full replace of the existing ones. The only option is to directly configure both services to use an external MS SQL database: https://www.adaxes.com/help/EnableExternalDatabaseLogging. However, you will see log records from both services when connected to either of them while they are both in place.

As for approval requests, you can try using the steps from section How do I transfer pending approval requests of our installation guide: https://www.adaxes.com/help/InstallationGuide/#transfer-pending-approval-requests.

Related questions

0 votes
1 answer

hello, We are doing poc for Adaxes software. Our need: Adaxes as front end to manage multiple isolated domains with no trust e.g. Domain A, Domain B. We deployed ... domain B always gives error "User or password is not correct". Is this toplogy supported

asked Jul 11 by VBahubali (40 points)
0 votes
1 answer

We have two on-prem domains; Domain A and Domain B. Domain A is our primary domain and syncs with Azure AD. Domain B contains accounts created for external ... user attempts to authenticate, they are only authenticating against the Domain B on-prem domain?

asked Apr 10 by awooten (80 points)
0 votes
1 answer

Hi, We would like to run an AD sync (Start-ADSyncSyncCycle -PolicyType Delta) after a new user is created. Unfortunately, it looks like this script only works for servers that ... in any of the domains. What is the recommended way to achieve this? Thanks, Max

asked Sep 7, 2023 by mcutlyp (40 points)
0 votes
1 answer

In order to add a managed domain does it have to be trusted by the primary domain adaxes is installed an running in? I have set up a domain for testing adaxes and it ... I have set my host file to point the untrusted domain to it's primary Domain Controller.

asked Oct 5, 2022 by mightycabal (1.0k points)
0 votes
1 answer

Hello, I have Adaxes installed in one forest (domain.com) and we have a 1 way forest trust with another forest (ca.domain.com). I have made the Adaxes service account in ... .com I get the same error. Could someone help me understand what I'm doing wrong?

asked Jun 6, 2016 by drew.tittle (810 points)
3,504 questions
3,196 answers
8,148 comments
547,431 users