Recently I’ve been working on using the Metacoda Identity Sync Plug-in to synchronize SAS platform identities (users and groups) with their counterparts from multiple Microsoft Active Directory (AD) Domains contained within a single Forest. In a future post I’ll talk about extending this to multiple domains from multiple trusted forests.
In the recent Metacoda Plug-ins 5.0 R5 release there have been a few enhancements to make it easier to sync with multiple domains (and avoid using custom code hooks):
- Members of “Included Groups” are followed into other domains within the same forest.
- You can opt to prefix the SAS User and Group names with the NetBIOS domain name. You might choose to do this if you have any users or groups in different domains with the same sAMAccountName and want to avoid non-unique user/group name validation errors when they get to the SAS platform.
- There are more user login options available to help appropriately qualify the inbound login for the SAS user using the domain of the Active Directory user.
I’ll show a relatively simple example. This might help other people who need to sync SAS users from multiple AD domains. The diagram below summarizes the Active Directory deployment: