ECMToolbox v4.3.0.8 - MultiDomain Setup
This guide documents the assumptions and requirements for setting up your ECMT install to authenticate users across two different Active Directory (AD) domains.
Assumptions
You only want to use ECMT across two different Active Directory domains.
Proper network connectivity is available between the Domain Controller(s) in both domains, and they can communicate as needed.
We will refer to the main domain that will host the ECMT application as AD1.
We will refer to the guest/user-only domain that will be accessing ECMT as AD2.
You cannot have two users from the different domains with the same username. For example, there cannot be a “jsmith” in AD1 and also a “jsmith” in AD2.
Requirements
AD1 will need to have the ECMT application installed and configured with AD Sync via Admin -> System Settings -> Active Directory Settings. Once installed and configured, a Two-Way Trust will need to be established between AD1 and AD2.
This can be accomplished utilizing Active Directory Domains and Trusts from a domain controller on AD1.
DNS will need to be properly configured between AD1 and AD2 to ensure that users from AD2 are able to access the ECMT Server that is hosted in AD1 via its hostname or FQDN, depending on your DNS.
Once DNS is configured properly, the last thing you will need to do is create the group that will contain users from both domains.
The group must be created on AD1, and will need to have the following settings:
· Group Scope: Domain local
· Group Type: Security
If the Two-Way Trust has been set up properly, you should be able to add users/groups from both AD1 and AD2 to this group. The groups that are created in each domain for the users must have the following settings:
· Group Scope: Universal
· Group Type: Security
Once users/groups from both domains have been added, you will select this group to be synced to your ECMT Group under User Groups -> Select your ECMT Group -> Edit -> Active Directory Synchronization Group.
Users from both domains should be synced automatically as ECMT users if they are a part of the AD Synchronization Group.
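The following pre-sync check is an added example, not part of the original guide or of ECMT. It uses the standard ActiveDirectory PowerShell module to confirm the two-way trust, the group scopes and types, and the absence of username collisions among the accounts that would be synced. The domain names and group names are placeholders chosen for illustration.

```powershell
# Run from a host in AD1 with the ActiveDirectory module (RSAT) installed.
# All names below are placeholders (assumptions), not values from the guide.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'      # a missing group or unreachable DC fails loudly

$AD1 = 'ad1.example'                 # domain hosting ECMT
$AD2 = 'ad2.example'                 # guest/user-only domain
$SyncGroup  = 'ECMT-Sync'            # Domain local group created on AD1
$UserGroups = @{ $AD1 = 'ECMT-Users-AD1'; $AD2 = 'ECMT-Users-AD2' }  # Universal groups
$problems = @()

# 1. The trust from AD1 to AD2 must exist and be two-way.
$trust = Get-ADTrust -Filter "Target -eq '$AD2'" -Server $AD1
if (-not $trust) {
    $problems += "No trust object for $AD2 found in $AD1"
} elseif ($trust.Direction -ne 'BiDirectional') {
    $problems += "Trust with $AD2 is $($trust.Direction), expected BiDirectional"
}

# 2. Group scope and type must match the settings listed in the guide.
function Test-Group($Name, $Domain, $Scope) {
    $g = Get-ADGroup -Identity $Name -Server $Domain
    if ($g.GroupScope -ne $Scope)        { "$Name ($Domain): scope is $($g.GroupScope), expected $Scope" }
    if ($g.GroupCategory -ne 'Security') { "$Name ($Domain): type is $($g.GroupCategory), expected Security" }
}
$problems += @(Test-Group $SyncGroup $AD1 'DomainLocal')
foreach ($d in $UserGroups.Keys) { $problems += @(Test-Group $UserGroups[$d] $d 'Universal') }

# 3. No username may appear in both domains. Only members of the two user
#    groups are compared, since those are the accounts that would be synced;
#    built-in accounts such as Administrator exist in every domain.
$names = @{}
foreach ($d in $UserGroups.Keys) {
    $names[$d] = @(Get-ADGroupMember -Identity $UserGroups[$d] -Server $d -Recursive |
        Where-Object objectClass -eq 'user' | ForEach-Object SamAccountName)
}
$dupes = $names[$AD1] | Where-Object { $names[$AD2] -contains $_ }   # case-insensitive
foreach ($u in $dupes) { $problems += "Username '$u' exists in both $AD1 and $AD2" }

# Report: an empty list means the prerequisites checked here are met.
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else           { Write-Output 'Trust, group settings and usernames look consistent.' }
```

Running this again whenever accounts are added to either Universal group catches a new username collision before the next synchronization.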
Example Group Setup
CASO Knowledge Base