Starting in v.2.95.0, an experimental setting was added to the Domain Connector to speed up Domain Controller replication. When this setting is enabled, the Domain Connector gets a list of all the Domain Controllers when a user enrolls in Desktop Login. Then, the Domain Connector will attempt to modify the user records on all of the detected domains explicitly. When a user unenrolls from Desktop Login, Domain Controller replication will be used.
To enable this feature
- Download and install the Beyond Identity Windows Desktop Login Domain Connector.
- Go to https://app.byndid.com/desktop-login/downloads and click Download Domain Connector (.msi).
- Install the Domain Connector on a Windows server.
- Go to https://app.byndid.com/desktop-login/downloads and click Download Domain Connector (.msi).
- On the Windows Server, navigate to the C:\Program Files\Domain Connector directory and open the settings.ini file.
- Add the line multiDC=yes to the ini file.
IMPORTANT: Make sure that multiDC=yes is capitalized exactly as shown because this entry is case-sensitive
- Save the file. Make sure the file saves as an .ini file and not a .txt file.
- Open Services, right-click the Beyond Identity Domain Connector service, and select Restart to apply the updated configuration.
- When a user enrolls, the logs under C:\Program Files\DomainConnector\logs will show the connector trying to enroll the user in multiple domains.
Troubleshooting
The Log file shows "Multi domain controller support disabled."
Open the settings.ini file in Step 2 above and verify that:
- The new entry looks exactly like the following: multiDC=yes
This entry is case-sensitive so it must use the exact capitalization shown above. - The value for multiDC is set to yes.
The Log file shows "Multi domain controller support enabled" but no domain controllers are listed.
If you don't see an domain controllers listed when multi-domain controller support is enabled, there may be an issue with the key administrator who is running the Domain Connector service. To verify:
- Open Services, view the user listed under Log On As for the Beyond Identity Domain Connector service.
- Verify that the user's password is not expired.
Frequently Asked Questions
What happens if I remove the Windows Desktop Login Domain Connector from my server?
Existing users who enrolled using the Domain Connector will not be impacted. Future user enrollments will not be able to use the Domain Connector for enrollment.
Comments
0 comments
Please sign in to leave a comment.