This article applies to:
- WebMarshal 6.X or 7.X
- Microsoft Active Directory
Question:
- Can WebMarshal authenticate users in multiple Active Directory domains?
- What are the trust requirements for WebMarshal to authenticate AD users?
- What are the connectivity requirements for WebMarshal in Active Directory environments?
Information:
WebMarshal includes a native Active Directory connector. You can import groups from Active Directory to control browsing through WebMarshal.
Connectivity
- All WebMarshal components must be on computers joined to Active Directory. This includes the Array Manager and any separate Processing Servers.
Domain browsing and group import
- The WebMarshal user interface only allows you to browse one domain at a time. However, you can import groups from other domains by typing the fully qualified name information for each group.
Domain Trust Scenarios
WebMarshal can import groups and authenticate users from AD domains in the following scenarios:
- Single domain
| Domains: |
DOMAIN1 |
| |
Single Domain |
| WebMarshal Domain: |
DOMAIN1 |
| Users: |
DOMAIN1\User1 |
| Result: |
DOMAIN1\User1 can authenticate with WebMarshal. |
- Subdomain
| Domains: |
DOMAIN1
DOMAIN2 |
| |
DOMAIN2 is a subdomain of DOMAIN1 |
| WebMarshal Domain: |
DOMAIN1 |
| Users: |
DOMAIN2\User1 |
| Result: |
DOMAIN2\User1 can authenticate with WebMarshal. |
- Sibling domain
| Domains: |
DOMAIN1
DOMAIN2
DOMAIN3 |
| |
DOMAIN2 and DOMAIN3 are subdomains of DOMAIN1 |
| WebMarshal Domain: |
DOMAIN2 |
| Users: |
DOMAIN3\User1 |
| Result: |
DOMAIN3\User1 can authenticate with WebMarshal. |
- Two way trust relationship
| Domains: |
DOMAIN1
DOMAIN2 |
| |
DOMAIN1 and DOMAIN2 are independent domains, with a two way trust between them. |
| WebMarshal Domain: |
DOMAIN1 |
| Users: |
DOMAIN2\User1 |
| Result: |
DOMAIN2\User1 can authenticate with WebMarshal. |
- One way trust outbound
Results depend on the version of WebMarshal installed.
| Domains: |
DOMAIN1
DOMAIN2 |
| |
DOMAIN1 and DOMAIN2 are independent domains, with a one way trust between them.
DOMAIN1 trusts DOMAIN2. |
| WebMarshal Domain: |
DOMAIN1 |
| Users: |
DOMAIN2\User1 |
| Result: |
WebMarshal 6.5.5 and above:
DOMAIN2\User1 can authenticate with WebMarshal.
WebMarshal 6.5.3 and below:
DOMAIN2\User1 cannot authenticate with WebMarshal. |
Unsupported scenarios
WebMarshal CANNOT import groups and authenticate users from AD domains where there is no explicit trust. The following scenarios are NOT supported:
- One way trust inbound
| Domains: |
DOMAIN1
DOMAIN2 |
|
DOMAIN1 and DOMAIN2 are independent domains, with a one way trust between them.
DOMAIN2 trusts DOMAIN1. |
| WebMarshal Domain: |
DOMAIN1 |
| Users: |
DOMAIN2\User1 |
| Result: |
DOMAIN2\User1 cannot authenticate with WebMarshal. |
- Subdomain of trusted domain
| Domains: |
DOMAIN1
DOMAIN2
DOMAIN3 |
|
DOMAIN1 and DOMAIN2 are independent domains, with a two way trust between them.
DOMAIN3 is a subdomain of DOMAIN2. No explicit relationship exists between DOMAIN3 and DOMAIN1. |
| WebMarshal Domain: |
DOMAIN1 |
| Users: |
DOMAIN3\User1 |
| Result: |
DOMAIN3\User1 cannot authenticate with WebMarshal. |