Are Separate Mid Servers required when discovering multiple domains that don't have a trust setup?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-01-2016 05:19 AM
Let's say we have Domain A in which the Mid server is installed on and we want to discover 2 other domains (Domain B and C) but Domain B and C don't have a trust with Domain A. Does this require a Mid Server in Domain B and Domain C in order to discover the servers on those domains? I know that discovery uses power shell to do impersonation for launching WMI queries but I am unsure of whether or not Domain B and C would be accessible from the Mid Server due to their being no trust relationship in place. Let me know what everyone thinks.
- Labels:
-
Service Mapping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-01-2016 05:53 AM
Robert,
It's not required because you can setup credentials that are domain specific.
- DomainA\discovery
- DomainB\discovery
- etc.etc.
If you are able to split out your ranges and schedules to target these domains, I would highly suggest creating multiple MID server instances and relate the individual instances to each Domain credential.
- Windows Server: MIDSRV
- 3 installations of MID servers: MIDSRVDomainA & B & C
- DomainA\discovery is used only by "MIDSRVDomainA"
- DomainB\discovery is used only by "MIDSRVDomainB"
- etc.etc.
If you are in the unfortunate boat of intermixing -- DomainB user travels to DomainA office -- then I'd rather suggest ordering your credentials based on who has more computer objects in that domain.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-01-2016 05:58 AM
Andrew,
Thanks for the quick response. I thought that what you outlined was how it worked. Do you now how the impersonation of that account works? So let's say you are running your Midserver on domain A and you tell it to use credential DomainB/username does it do the impersonation on the Midserver in domain A when it launches PowerShell or is it done when it actually connections to the server that is in DomainB? Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-01-2016 12:39 PM
It's using the DomainB credential during the WMI call. It does not affect the running service of the MID server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-05-2016 10:59 PM
Hi Andrew,
is there any alternate way to use a single MID server for multiple domains. as multiple MID servers for each domain will not be fixable.
Thanks in advance!