
AD Connector

Manoj_Mathew Member IT Monkey ✭
In SCSM, is it possible to create an AD Connector to a domain that does NOT have a trust with the domain that's hosting the SCSM infra?

Answers

  • Geoff_Ross Cireson Consultant Super IT Monkey ✭✭✭✭✭
    Hi @Manoj_Mathew

    The quick response is 'I don't know'. You would have to try. But... the better response is 'What are you trying to achieve here?' There's no way to have users from an untrusted domain actually authenticate with SCSM and log in so all you are doing is adding user CIs into the database. And there could be easier ways to do this.

    Geoff
  • Manoj_Mathew Member IT Monkey ✭
    Thx Geoff. I think it's possible to get this done. Will try it out & update.

    https://docs.microsoft.com/en-us/system-center/scsm/import-data-ads?view=sc-sm-2019

    Import data from other domains

    You can import data from domains other than the domain in which Service Manager resides. For example, Service Manager is installed in domain A (where the fully qualified domain name [FQDN] is a.woodgrove.com), and you want to import data from domain B (where the FQDN is b.woodgrovetest.net). In this scenario, you must think about how to specify the data source path and how to specify the Run As account.

    In domain B, either identify an existing service account or create a new one for this purpose. This service account must be a domain account and must be able to read from Active Directory Domain Services.

    Next, in Service Manager, create a new Active Directory connector in the Active Directory Connector Wizard. Follow these steps on the Domain or organizational unit page.

    To specify the data source path and Run As account

    1. Use the appropriate method, according to where the domains are located:

      • If the two domains are in the same forest, in the Server Information area, select Let me choose the domain or OU, and then click Browse to select the domain and organizational unit (OU).

      • If the two domains are in different forests, in the Server Information area, select Let me choose the domain or OU, and then type the domain and OU in the box. For example, type LDAP://b.woodgrovetest.net/OU=OU Name,DC=b,DC=woodgrovetest,DC=net.

    2. In the Credentials area, click New.

    3. In the Run As Account dialog box, in the User name, Password, and Domain boxes, type the credentials for the service account from the b.woodgrovetest.net domain.
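
The data source path and Run As account from the steps quoted above can be checked from the Service Manager server before they are typed into the wizard. This is an added example, not part of the thread or the Microsoft documentation; the account name `svc-scsm-adread` is a hypothetical placeholder and the LDAP path is the documentation's sample value.

```powershell
# Added example: pre-check the data source path and Run As account before
# entering them in the Active Directory Connector Wizard.
# The LDAP path is the documentation's sample; the account name is hypothetical.
param(
    [string]$LdapPath = 'LDAP://b.woodgrovetest.net/OU=OU Name,DC=b,DC=woodgrovetest,DC=net',
    [string]$UserName = 'b\svc-scsm-adread',   # hypothetical read-only account in domain B
    [int]$SampleSize  = 5
)

# Prompt for the password so it never lands in the script or shell history.
$cred = Get-Credential -UserName $UserName -Message 'Domain B service account'

# Secure  = negotiated (Kerberos/NTLM) bind instead of a clear-text simple bind.
# Signing and Sealing = integrity and encryption for the LDAP session.
$auth = [System.DirectoryServices.AuthenticationTypes]::Secure -bor
        [System.DirectoryServices.AuthenticationTypes]::Signing -bor
        [System.DirectoryServices.AuthenticationTypes]::Sealing

$entry = New-Object System.DirectoryServices.DirectoryEntry(
    $LdapPath, $cred.UserName, $cred.GetNetworkCredential().Password, $auth)
$results = $null

try {
    # The bind happens on first use; FindAll() surfaces bad credentials,
    # an unreachable domain controller, or a wrong OU path as an exception.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
    $searcher.Filter    = '(&(objectCategory=person)(objectClass=user))'
    $searcher.SizeLimit = $SampleSize
    [void]$searcher.PropertiesToLoad.Add('sAMAccountName')

    $results = $searcher.FindAll()
    Write-Output "Bind OK: read $($results.Count) user object(s) under the OU."
    foreach ($r in $results) {
        Write-Output ("  " + $r.Properties['samaccountname'][0])
    }
}
catch {
    Write-Error "Bind or search failed for $LdapPath as $($cred.UserName): $($_.Exception.Message)"
}
finally {
    if ($results) { $results.Dispose() }
    $entry.psbase.Dispose()
}
```

A successful run only shows that the account can read the OU; the same account should hold no rights in domain B beyond that read access.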
