I have an IEM Server relay and client setup in the same domain and forest. Have a requirement to manage additional relay and client in a different domain and forest. Can this be done. If yes what are the requirement to archive that. Appreciate your assistant.
1 Like
No special requirement. The BES Client determines the AD path for the computer and the console displays the OUs for you.
I have computers in 3 AD trees across 2 Forests
1 Like
I have previously used BigFix in an environment with many different AD, some in the same Forest, others separate.
BigFix just works in this case, which was part of the reason for selecting the product.
Thanks @TimRice and @jgstew for your answers. I also got a write out from PMR folks. Just for sharing.
The client’s connection with either its relay or server parent does not require domain trust to be established first. It relies solely on http connectivity (so the TCP/IP network does need to be available).
However, for consoles connecting to the server in domain A (for example) where a console operator in domain B is connecting using AD/LDAP authentication, then yes, trust needs to be established between domain A and domain B so that authentication can take place. You would need to set up LDAP directories within the console for each domain.
If you don’t have many operators and don’t add or remove them often, then you can just create operator accounts by hand instead of having them tied to AD/LDAP.
Another option is that you require all operators to have a separate user account in the primary domain used for console authentication.
Any of the options for managing console users has its advantages and drawbacks.