
Multiple AD domains in the same forest

Hi all,

My company has two AD domains under one namespace and in one forest, say, company.com and sub.company.com.

I currently have my Wildfire 2.6.2 server set up to use LDAP to allow users in the IM group in company.com. Any users in that IM group that are part of the company.com domain are just fine. If I add users from the sub.company.com domain to the same IM group, I can’t see them in the Wildfire admin console.

Is there a way to use both domains on the same server? My end goal is to have people in both domains belong to the same messaging system (or at least be able to talk to each other across messaging systems, if that is possible).

According to this thread: http://www.jivesoftware.org/community/thread.jspa?messageID=96516&#96516, it sounds like it’s possible since one domain is the child of another, but that’s not what I’m seeing (or the original poster of the above thread).

Thanks Much,


Message was edited by: gknuth

I only have experience with a single-domain AD structure. Can you explain how a multi-domain tree looks on the AD server. My assumption is that it looks like this:


|-> DC=company,DC=com
|   `-> CN=Users
`-> DC=sub,DC=company,DC=com
    `-> CN=Users

If that’s accurate, the AD server is basically maintaining two separate LDAP databases with no common base DN that can access the two. The only way I know of to work in this scenario is to search on multiple base DNs. I’ve never fully understood what the alternateBaseDN option does and doesn’t do, but you might look into it.

Yeah, that’s pretty much it. And that makes sense to me, which is why I had to post after seeing that message that I linked to.

Can someone elaborate on the alternateBaseDN option? I’ll certainly turn it on and play around with it, but if someone has been there, done that, I’d love to hear from them.

Thanks much

It doesn’t appear that the option helps here…

Anyone else have any suggestions?

Can I set up two Wildfire server instances (one per domain) and allow users to talk between them?