cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Muslitple AD domain configuration in BO 3.1

Former Member

on ‎04-18-2018 7:44 AM

0 Kudos

Currently, we have AD domain a.com and 2000 users are added to that. it's working fine. Now we have acquired another company, they want access to our GDW. So we want to add a new domain (b.com) and a new set of users into that group. We have created an AD group b.com, then I have added the new group details into kb5.ini file. A new secwinAD group has created. Added the new group details into CMC, a group also added without any issues. But after that, no one is able to login into BO 3.1. please let me know how to add a new group in the multi-forest design

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

BasicTek
Advisor
Advisor
‎04-18-2018 12:55 PM
0 Kudos

Multiple forest setup can be quite complex. If you follow the guidelines in the KBA https://apps.support.sap.com/sap/support/knowledge/preview/en/1323391 you should be able to resolve the issue

#1 setup a 2 way forest trust to ensure DNS resolution in both directions. Don't use external trusts.

#2 it's best to map in groups containing only members from that forest, but there is an exception if mapping in foreign security principals is required.

#3 perform all testing in a client tool first like universe designer or the CCM, this removes the java layer and once that works then you can try to configure the java parameters.

-Tim

Show replies
Show replies
Ask a Question