My Vault server currently authenticates with DOMAIN-A and I want to change it so that it authenticates with DOMAIN-B. DOMAIN-A and DOMAIN-B do not currently share any trust relationships.
I understand the correct DNS records for accessing DOMAIN-B need to be in accessible from the Vault server, that will be taken care of. Is this as simple as changing the domain name in the Vault Admin tool?
Note that I am using Vault 3.1.9 currently and I have plans in place to upgrade to Vault 4.1.2, but I'd rather get this domain authentication change done with 3.1.9 first. Are there any differences between the 2 versions as far as changing the AD domain authentication?
Changing the AD authentication from one domain to another
Moderator: SourceGear
Re: Changing the AD authentication from one domain to another
There's no real difference, except that there is now an additional database called sgmaster.
You may find an uninstall (but keeping the database) and a reinstall (reuse the same database) may be the easiest way to go rather than manually change each permission.
You may find an uninstall (but keeping the database) and a reinstall (reuse the same database) may be the easiest way to go rather than manually change each permission.
Beth Kieler
SourceGear Technical Support
SourceGear Technical Support
Re: Changing the AD authentication from one domain to another
Changing each permission?
I can find only one place in the admin tool to specify the authenticating domain name. Are you saying that I need to open each user's properties, uncheck AD authentication, save, recheck AD authentication and resave?
I can find only one place in the admin tool to specify the authenticating domain name. Are you saying that I need to open each user's properties, uncheck AD authentication, save, recheck AD authentication and resave?
Re: Changing the AD authentication from one domain to another
In order for Vault to authenticate against AD, it needs to run under an AD account that has permissions on that domain. If you switch domains, I am assuming that the user you are running Vault under does not have permissions on the other domain. That is why I mentioned the uninstall and reinstall. It's an easy way to switch the user Vault runs under.
If you have a trust where the current user that Vault runs under can authenticate to the second domain, then you are probably fine not switching that, but without knowing more, I couldn't tell you what you have going.
Then, you would go into the Admin web page and switch the domain it authenticates to.
Next, you need to know if the logins are the same on the second domain as the first. If they are, then you don't have to do anything, but if they aren't, then you have to change all the user logins to match what they are on the second domain.
If you have a trust where the current user that Vault runs under can authenticate to the second domain, then you are probably fine not switching that, but without knowing more, I couldn't tell you what you have going.
Then, you would go into the Admin web page and switch the domain it authenticates to.
Next, you need to know if the logins are the same on the second domain as the first. If they are, then you don't have to do anything, but if they aren't, then you have to change all the user logins to match what they are on the second domain.
Beth Kieler
SourceGear Technical Support
SourceGear Technical Support
Re: Changing the AD authentication from one domain to another
Ahhh. I see, thank you.
Re: Changing the AD authentication from one domain to another
Feel free to ask more questions if any part doesn't make sense.
Beth Kieler
SourceGear Technical Support
SourceGear Technical Support