Minor changes are by default collapsed in the page history.
No changes
The page does not exist yet.
Failed to load changes
Version by on
Leave Collaboration
Are you sure you want to leave the realtime collaboration and continue editing alone? The changes you save while editing alone will lead to merge conflicts with the changes auto-saved by the realtime editing session.
Configuring Active Directory child domains
When configuring Active Directory child domains, you can use either the securityconfig tool (the recommended method), or you can manually edit the services.cfg file.
When using the securityconfig tool, you must first configure the Application Service to connect to the parent Active Directory domain, and then modify the ads_port property in services.cfg, as described in the following list of requirements and restrictions.
Requirements and restrictions for configuring the ads_port property:
The Active Directory User Principal Name (UPN) for all users must use a suffix matching the ads_domainname property in services.cfg (for example, userName@my.ad.domain, where "ads_domainname=my.ad.domain").
You must change the ads_port property in services.cfg to the global catalog ports of the domain controllers, LDAP port 3268 and LDAPS on port 3269. Using the default LDAP port (389) causes slow logins, while using LDAPS on port 636 does not work.
BMC recommends that you not specify the domain name as ads_hostname property in services.cfg. Define the set of domain controllers hosting the global catalog role instead, unless every domain controller in the domain is hosting the global catalog role, in which case the domain name can be used.
Note that logins from domains in the same Active Directory forest but different domain tree and logins from domains, which are trusted but from a different forest, are not supported.
