Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/03/2022 03:01 AM
Hi All,
We have a scenario where the AD structure has nested domain similar to (parentdomain.myorg) and then a child domain (child.parentdomain.myorg). All the objects are created and managed within child domain. The root domain has only domain admin accounts to manage these domains. Our intention is to import accounts and access available in the child domain in to Saviynt.
However, the documentation https://saviynt.freshdesk.com/support/solutions/articles/43000586673-saviynt-for-microsoft-active-di... mentions that the AD Connector is to be used with Single Domain whereas ADSI connector to be used for multiple domain and/or forest. But it does not provide clarity on whether AD connector treats parent-child trusted domains as Single domain.
So, need if anyone of you had integrated using AD Connector (not ADSI) to integrate with the root or parent domain (i.e. parentdomain.myorg) to support importing user accounts/user groups from child domain (i.e. child.parentdomain.myorg) into Saviynt EIC? AD user configured on the connector will have access to child domain.
Thanks & Regards,
Mani
Solved! Go to Solution.
08/09/2022 12:40 AM
Hi @manigkannan ,
Please refer to the following documentation. This should give you more insights :
https://saviynt.freshdesk.com/support/solutions/articles/43000586673-saviynt-for-microsoft-active-di...
From the use case you listed, you can just use the AD connector and connect to the child domains and bring in the accounts and groups. There is not a need to connect to the parent domain unless there is an IGA use case for it.
08/09/2022 09:27 PM
Hi Sahaj,
Thank you for the response and confirming to use AD connector to integrate with the child domain domain directly.
Regards,
Mani