Are Separate Mid Servers required when discovering multiple domains that don't have a trust setup?

robertgeen
Tera Guru

Let's say we have Domain A in which the Mid server is installed on and we want to discover 2 other domains (Domain B and C) but Domain B and C don't have a trust with Domain A. Does this require a Mid Server in Domain B and Domain C in order to discover the servers on those domains? I know that discovery uses power shell to do impersonation for launching WMI queries but I am unsure of whether or not Domain B and C would be accessible from the Mid Server due to their being no trust relationship in place. Let me know what everyone thinks.

7 REPLIES 7

A Westervelt
Mega Guru

Robert,



It's not required because you can setup credentials that are domain specific.


  1. DomainA\discovery
  2. DomainB\discovery
  3. etc.etc.


If you are able to split out your ranges and schedules to target these domains, I would highly suggest creating multiple MID server instances and relate the individual instances to each Domain credential.



  1. Windows Server: MIDSRV
  2. 3 installations of MID servers: MIDSRVDomainA & B & C
  3. DomainA\discovery is used only by "MIDSRVDomainA"
  4. DomainB\discovery is used only by "MIDSRVDomainB"
  5. etc.etc.


If you are in the unfortunate boat of intermixing -- DomainB user travels to DomainA office -- then I'd rather suggest ordering your credentials based on who has more computer objects in that domain.


Andrew,


Thanks for the quick response. I thought that what you outlined was how it worked. Do you now how the impersonation of that account works? So let's say you are running your Midserver on domain A and you tell it to use credential DomainB/username does it do the impersonation on the Midserver in domain A when it launches PowerShell or is it done when it actually connections to the server that is in DomainB? Thanks.


It's using the DomainB credential during the WMI call. It does not affect the running service of the MID server.


Hi Andrew,



is there any alternate way to use a single MID server for multiple domains. as multiple MID servers for each domain will not be fixable.



Thanks in advance!